pfSense CA Root and IOS 14.4
-
Hello,
I am wondering if any other iPhone users here have imported the CA root from pfSense?
I have imported the certificate, where it creates a custom profile on iOS, and then went into Settings -> General -> About -> Trusted Certificates and enabled my custom root CA.
However, when I try to browse any internal sites (on Safari or Microsoft Edge) that have certificates signed by my custom root, they continue to be untrusted. This exact same certificate setup works fine on Windows, Linux, Android and my iPad.
One main difference is that my iPhone (which I am completely new to) is managed (by Microsoft Intune) by my employer also, but so was my Android device which did not have this problem.
I know this is not a pfSense problem at all, but I wanted to toss the problem here before I try and contact the Apple "Geniuses" and see if anyone could provide a suggestion.
Thanks for your help!
Mark.
-
Safari will no longer trust SSL/TLS certificates with validity periods longer than 398 days.
Check your pfsense Web Server certificate.
-
@nocling said in pfSense CA Root and IOS 14.4:
Safari will no longer trust SSL/TLS certificates with validity periods longer than 398 days.
And Chrome, and I think Firefox or at least they talked about it. It depends on when they were issued though...off the top of my head Chrome was for certs issued after Sept. 1 2020. Safari was earlier I think.
-
@nocling said in pfSense CA Root and IOS 14.4:
Safari will no longer trust SSL/TLS certificates with validity periods longer than 398 days.
Check your pfsense Web Server certificate.
I think you hit the nail on the head. My certificates are set to expire years from now, so this could very well be the issue. I was completely unaware of this certificate limit on the Apple.
Thank you for bringing it to my attention, I am going to reissue a certificate and test it out.
Cheers,
Mark.
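
Added example (not part of the thread): one way to check internal certificates against the 398-day limit discussed above, using the output of `openssl x509 -noout -dates`. The host names and dates are constructed samples, and the 2020-09-01 issuance cutoff is the date recalled in the thread, passed in as a parameter.

```python
import ssl
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=398)  # limit quoted in the thread
# Issuance date mentioned in the thread; an assumption passed as a parameter.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)

def parse_dates(openssl_output):
    """Read notBefore/notAfter from `openssl x509 -noout -dates` output."""
    found = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            seconds = ssl.cert_time_to_seconds(value.strip())
            found[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if len(found) != 2:
        raise ValueError("expected both notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]

def check_lifetime(openssl_output, max_lifetime=MAX_LIFETIME, cutoff=None):
    """Compare a certificate's validity period with max_lifetime.

    cutoff: certificates issued before this UTC datetime are reported but
    not flagged (None holds every certificate to the limit).
    """
    not_before, not_after = parse_dates(openssl_output)
    lifetime = not_after - not_before
    subject = cutoff is None or not_before >= cutoff
    return {"days": lifetime.days, "subject_to_limit": subject,
            "too_long": subject and lifetime > max_lifetime}

# Constructed sample output for three hypothetical internal certificates.
SAMPLES = {
    "fw.example.internal": "notBefore=Feb 10 12:00:00 2021 GMT\nnotAfter=Feb  8 12:00:00 2031 GMT",
    "wiki.example.internal": "notBefore=Feb 12 00:00:00 2021 GMT\nnotAfter=Mar 17 00:00:00 2022 GMT",
    "nas.example.internal": "notBefore=Jun  1 00:00:00 2019 GMT\nnotAfter=Jun  1 00:00:00 2022 GMT",
}

if __name__ == "__main__":
    for host, dates in SAMPLES.items():
        result = check_lifetime(dates, cutoff=CUTOFF)
        verdict = "REISSUE" if result["too_long"] else "ok"
        print(f"{host}: {result['days']} days -> {verdict}")
```

To use it on a real certificate, paste the two lines printed by `openssl x509 -in cert.pem -noout -dates` in place of a sample string.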