Cannot install CA certificates from cacert.org as trusted.
| Originator: | hopthrisC | ||
| Number: | rdar://16568248 | Date Originated: | 2014-04-09 |
| Status: | Open | Resolved: | |
| Product: | iOS | Product Version: | 7.1 |
| Classification: | Security | Reproducible: | Always |
Summary: The class 1 root certificate from http://www.cacert.org/index.php?id=3 cannot be installed as trusted profile in iOS. Presumably this is because it is signed with md5, although that requirement makes no sense for certs that are signed by themselves (or explicitely trusted). The class 3 intermediate certificate from http://www.cacert.org/index.php?id=3 cannot be installed as trusted profile in iOS, even though it is signed with sha256. Presumably this is because because it is only an intermediate certificate and not signed by itself. Steps to Reproduce: 1. open http://www.cacert.org/index.php?id=3 in Safari on an iOS device 2. Follow the link for "Root Certificate (PEM Format)" 3. In the following "Installing Profile" dialog tap "Install Now" 4. Notice in the following "Profile Installed" dialog that the certificate is installed but marked as "Not Trusted" Same goes for the "Intermediate Certificate (PEM Format)". Expected Results: At least the Class 3 certificate from cacert.org should be trusted. Actual Results: Neither CA certificate from cacert.org is trusted. Version: iOS 7.1 (11D167) [Probably since 6.0] Notes: Funnily enough: on a device that had the certs installed from back in the 5.0 days (now upgraded to 7.1), I cannot "not trust" the above mentioned certificates. Uninstalling and reinstalling the certificates there works perfectly fine.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!