Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 28 subscribers
  • Views 12461 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS Decrypting / IOS

florianmulatz

Hi @All,

I have problems to get working the https decryption with all my IOS devices. 
I configured a firewall rule for testing the https decryption which has (actually) two devices in there -- my Desktop PC and my own iPhone.

Both devices has the Sophos CA Certificate for https-decrypting imported. It is working normally on my desktop PC but I cannot get it working on my iphone. It's always telling me for SSL sites that it has a untrusted certificate.

I also tried to create my own openssl-ca - same issue as with the Sophos CA Certificate. (desktop is working but not the iPhone)

Do you have any clues on that?

Thx for any help!



This thread was automatically locked due to age.
Parents
  • +1

    Hi Florian,

    since one of the last iOS versions you need to activate the full trust to your root certificate after the installation as a profile.

    You can find this menu here:

    Settings --> General --> Info --> Scroll down --> Certificate trust settings (my Devices are not running in English, so I hope the translation is close to the original)

     

    If your certificate is not visible there, you need to create a new one with the correct CA extensions (and maybe stronger algorithms).

    I've used the following HowTo after I ran into this problem some weeks ago:

    jamielinux.com/.../introduction.html

     

    Best Regards

    Dom Nik

Reply
  • +1

    Hi Florian,

    since one of the last iOS versions you need to activate the full trust to your root certificate after the installation as a profile.

    You can find this menu here:

    Settings --> General --> Info --> Scroll down --> Certificate trust settings (my Devices are not running in English, so I hope the translation is close to the original)

     

    If your certificate is not visible there, you need to create a new one with the correct CA extensions (and maybe stronger algorithms).

    I've used the following HowTo after I ran into this problem some weeks ago:

    jamielinux.com/.../introduction.html

     

    Best Regards

    Dom Nik

Children
  • 0 in reply to DomNik

    Hi Dom,

    This was the decisively hint. I haven't known that I've to activate it dedicatedly there.
    I imported the Sophos CA Cert again there (as my own CA Cert created with exactly the linked article) is not shown there - maybe I'm missing something but this is ok as long as the Sophos is working now after I "activated" it to fully trust it on my iPhone.

    Many, many thanks! 

    BR & have a nice weekend