Hi, we have a case where iOS devices access an intranet website via Tunnel. The intranet website's certificate is issued by the company's internal Subordinate (intermediate) CA. This intermediate CA's certificate is issued by the company's internal root CA. Obviously iOS doesn't trust either by default. I configured a credentials payload and pushed both (root and intermediate) CA certificates to iOS.
The problem is that iOS still warns about certificate not being valid/trusted (depending on Browser). I configured Web, Chrome and FF and all three show the initial warning. I also installed TLS Inspector and it shows “Untrusted Chain” message.
Same configuration on Android works just fine. No warning messages. If I remove those two certificates from Android I also get warning messages like on iOS.
When I go to iOS Settings -> General -> About -> Certificate Trust Settings I see that the root is fully trusted. I have a feeling that iOS doesn't trust the intermediate, hence the warning.
Has Apple changed something recently or has it been like this since the beginning?
Just curious if this was ever answered. We are having the same exact issue and it is happening in an application we want to use internally where it no longer trusts the SSL certificate of the internal server that was signed by our internal CA. We basically have the same setup with a root CA and a secondary CA that was signed by the root. I have deployed the certificates in the same order as you have to the devices. Any information you can offer is greatly appreciated.
I know this is likely a dead thread, but troysp, did you ever figure this out?
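The setup described in the first two posts (leaf signed by an internal intermediate, intermediate signed by an internal root) is easy to reproduce offline so the chain-building behaviour can be checked outside of any device. The script below is an added example, not something posted in this thread or shipped by any vendor: it builds a constructed root -> intermediate -> leaf chain with throwaway keys (CA names and the hostname `intranet.example` are made up) and then runs `openssl verify` three ways. The first run mirrors the failing case from the thread, where a client holds only the root and the server sends only the leaf; the second and third show the two ways the gap gets closed, either the server sending the intermediate in the handshake or the client holding the intermediate as a trusted certificate.

```shell
#!/bin/sh
# Constructed demo of chain building with a private root and intermediate CA.
# All certificates, keys and names below are generated on the fly for the
# example; none of them come from the thread.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# --- Root CA: self-signed, CA:TRUE ----------------------------------------
openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
  -keyout root.key -out root.csr -subj "/CN=Example Internal Root CA" >/dev/null 2>&1
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > root.ext
openssl x509 -req -in root.csr -signkey root.key -out root.crt -days 3650 \
  -extfile root.ext >/dev/null 2>&1

# --- Intermediate (issuing) CA: signed by the root, CA:TRUE, pathlen 0 -----
openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
  -keyout int.key -out int.csr -subj "/CN=Example Internal Issuing CA" >/dev/null 2>&1
printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid\n' > int.ext
openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
  -out int.crt -days 1825 -extfile int.ext >/dev/null 2>&1

# --- Server (leaf) certificate: signed by the intermediate -----------------
openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
  -keyout leaf.key -out leaf.csr -subj "/CN=intranet.example" >/dev/null 2>&1
printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:intranet.example\nauthorityKeyIdentifier=keyid\n' > leaf.ext
openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
  -out leaf.crt -days 365 -extfile leaf.ext >/dev/null 2>&1

# Case 1: client trusts only the root, server presents only the leaf.
# The intermediate is missing, so no path to the root can be built.
verify_leaf_only() {
  openssl verify -CAfile root.crt -verify_hostname intranet.example leaf.crt >/dev/null 2>&1
}

# Case 2: client trusts only the root, server also sends the intermediate
# in the TLS handshake (-untrusted models "presented by the peer").
verify_with_intermediate() {
  openssl verify -CAfile root.crt -untrusted int.crt \
    -verify_hostname intranet.example leaf.crt >/dev/null 2>&1
}

# Case 3: client has both root and intermediate installed as trusted
# certificates, server still sends only the leaf.
verify_intermediate_as_anchor() {
  cat root.crt int.crt > bundle.crt
  openssl verify -CAfile bundle.crt -verify_hostname intranet.example leaf.crt >/dev/null 2>&1
}

# Human-readable summary when run directly.
report() {
  if verify_leaf_only; then echo "leaf only:                 OK"; else echo "leaf only:                 FAIL (missing intermediate)"; fi
  if verify_with_intermediate; then echo "leaf + sent intermediate:  OK"; else echo "leaf + sent intermediate:  FAIL"; fi
  if verify_intermediate_as_anchor; then echo "leaf + trusted intermediate: OK"; else echo "leaf + trusted intermediate: FAIL"; fi
}
report
```

To see which of these cases a real server is in, `openssl s_client -connect <host>:443 -showcerts </dev/null` lists every certificate the server actually sends; if only the leaf appears, a client that has not been given the intermediate has nothing to chain to, which is the situation case 1 reproduces. Case 3 is why the thread's Android devices pass once both CA certificates are installed; whether a given browser or app on another platform consults installed intermediates in the same way is outside what this script can show.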