Certificate issues with new iOS


I have not had any issues with GMS and setting this up on anybody's iPhone until the latest 10.3.3 update. We have GMS 14.2.1 Build 270. When I try to set up email sync on a users iPhone now it says that it cannot verify the Certificate. It is self signed so I know why it is getting that. In the past I manually downloaded the Cert and imported into the phone and all worked well. Now I get it downloaded and imported/installed on the iPhone and it says "Verified" under the profile and I have it enabled under the Certificate trust settings. After doing this if I try to set up email sync again, it still says it cannot verify and it brings up the profile but it says "not Verified" for some reason and does not allow me to trust or allow this cert. As a test I removed the Email account from my iPhone and removed my device from the GMS admin console under my name. I then upgraded my iPhone to the 10.3.3 version. I then went and was able to successfully add my email account to the iPhone. I did not have to add any profiles (nothing is under the profile section) or enable any profiles under the Certificate Trust settings. Now I am really confused.

Does anyone have any ideas or what I could try?

Parents Reply Children
  • Oh totally. I've purchased from 'the guys' that everyone likes with
    great support and the experience was good. I also feel like there are
    only so many reasonable ways to use a cert that a smalker IT shop will
    come across and these are well documented on the internet. Reputable
    CA's or re-sellers allow for multiple re-issues, and have their roots
    widely distributed, which are about the only major concerns.

    At the end of the day, the $12 cert provides the exact same
    functionality as the $175 or $500 one. There can be some differences in
    the CRL server responsiveness or the vetting process of the issuer, and
    maybe one could argue these can be important depending on the expected
    traffic or business type. However once plugged into say, a web server,
    the key material works in concert with the available crypto libraries
    and a trusted RSA/SHA2 cert works the same as any other trusted RSA/SHA2

    Not that this is relevant for GMS, but the same for EV/GreenBar. Its
    simply a field in the cert that the browsers look for to change a
    display. There is zero difference in the crypto technology provided.

    On 9/6/2017 12:53 AM, Anders Gustafsson wrote:
    > Well, it depends on where you buy. If you want a certificate without
    > hassle and a vendor that does decent support, then a standard SSL cert
    > is 175$. That goes down to 139$/year if you buy three years.
    > Given the fact that a skilled IT-professional probably costs his
    > employer 100$/hour or more... I'd say buy a cert.