SHA1 Organisational CA invalid messages in iOS 11
| Originator: | cwindus | ||
| Number: | rdar://33099935 | Date Originated: | 03/07/2017 |
| Status: | Resolved | Resolved: | 26/07/2017 |
| Product: | iOS11 | Product Version: | iOS 11/15A5304i |
| Classification: | Security | Reproducible: | Always |
Area: Wi-Fi Summary: When installing a configuration profile that has a .der type Organisational CA as a certificate payload, a message appears during the installation process advising the installation failed as the certificate appears to be invalid. Steps to Reproduce: Open Apple Configurator 2 Plug iPad in Select iPad in Apple Configurator 2 Drag the mobileconfig profile onto the iPad in Apple Configurator 2 to install the profile. On the iPad, go through the onscreen steps to install the profile. Expected Results: Even though the certificate is a SHA1 type, the profile with the Organisational CA should be installed as per https://support.apple.com/en-us/HT207459 Observed Results: The profile is not installed, an error message appears advising that the certificate "file.der" appears to be invalid. Version: iOS 11/15A5304i Configuration: This does not occur for an iOS device running iOS 10.x.x using the same profile. *Note - this issue also occurs in macOS 10.13, it is _very_ likely that SHA1 certificates are now deprecated in iOS 11 and macOS 10.13
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
RESOLVED
This has been resolved in iOS 11 beta 4 (build 15A5327g)