[TriLUG] OT: CACerts on iOS 11.3
Brian McCullough via TriLUG
trilug at trilug.org
Thu Apr 12 12:37:12 EDT 2018
On Thu, Apr 12, 2018 at 11:37:23AM -0400, Triangle Linux Users Group discussion list wrote:
> Gang,
Brian,
> This is a bit off-topic but I know we have some CACert enthusiasts among us,
> and iPhone users as well.
>
> If anyone has been able to successfully trust the CACert root certificates
> on an iPhone running iOS 11.3, I'd love it if you'd contact me off-list for
> a quick consultation. A chat with an Apple rep led to "you should contact
> the developer." Right. Would that be the iOS developer, or the developer
> of X.509? *shakes head*
I know that this isn't very off-list, but I will ask anyway.
Are you able to import the CAcert Root certificates into your iOS
device?
You should also be aware that the MD-5 certificates that are easily
accessable on the CAcert web site have been replaced with SHA-256
versions, which are much more acceptable to "the world of today."
You can find a PEM version of the Class 1 Root at
https://wiki.cacert.org/FAQ?action=AttachFile&do=view&target=root_256.crt,
a DER version at
https://wiki.cacert.org/FAQ?action=AttachFile&do=view&target=root_256.der
and a Windows-installable version at
https://wiki.cacert.org/FAQ?action=AttachFile&do=view&target=CAcert_Root_Certificates_256.msi
Class 1 and Class 3 SHA-256 Root Certificates, combined, in PEM format:
https://wiki.cacert.org/FAQ?action=AttachFile&do=view&target=CAcert_chain_256.pem
Don't forget to remove the old MD-5 Root Certificate, serial number
000000, when you install the new Certificate, serial number 00000F.
All of the above can be found in the CAcert Wiki, at:
https://wiki.cacert.org/FAQ#Certificates
We are currently working on making the new Certificates "official,"
replacing the old ones on the "Root Certificates" page.
Brian
More information about the TriLUG
mailing list