My recommendation here would be for any TLS connections using a server certificate from one of the Root CAs pre-installed on iOS, iPadOS, macOS, watchOS, or tvOS to be aware of this change on September 1st, 2020. You should plan for this change if you know you are going to obtain a new certificate after September 1st, 2020 for TLS connections on Apple platforms - as this change will affect you. Keep in mind that this only affects TLS server certificates issued AFTER September 1st. So, for example, if you have a server certificate that is used for TLS connections, and this certificate is issued from one of the Root CAs contained on Apple platforms, and you obtain a new certificate in the middle of September 2020, this certificate should contain a validity period with a maximum of 397 days instead of 825 days. This validity period will be contained in the period of time from notBefore through notAfter, inclusive.
Notice that this documentation also states that this change will not affect certificates issued from user-added or administrator-added Root CAs.
Matt Eaton
DTS Engineering, CoreOS
meaton3 at apple.com
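The check described in the post above, as an added example that is not part of the original post and is not Apple's code: it reads the output of `openssl x509 -noout -dates` and applies the 397-day and 825-day figures quoted above, counting notBefore through notAfter inclusively. The function names and sample dates are constructed for illustration. Using notBefore as the issuance date and 00:00 UTC on September 1st, 2020 as the cutoff are assumptions.

```python
import ssl
from collections import namedtuple

DAY = 86400
# Assumption: cutoff is 00:00 UTC on September 1st, 2020, and notBefore
# stands in for the issuance date.
CUTOFF = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")
MAX_DAYS_NEW = 397  # figure quoted in the post for certificates after the cutoff
MAX_DAYS_OLD = 825  # figure quoted in the post for earlier certificates

Result = namedtuple("Result", "ok limit_days inclusive_seconds reason")

def parse_dates(text):
    """Parse `openssl x509 -noout -dates` output into epoch seconds."""
    fields = dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return (ssl.cert_time_to_seconds(fields["notBefore"]),
            ssl.cert_time_to_seconds(fields["notAfter"]))

def check_validity(text, user_added_root=False):
    """Apply the validity-period limit to one certificate's dates."""
    not_before, not_after = parse_dates(text)
    if not_after < not_before:
        raise ValueError("notAfter precedes notBefore")
    # Both endpoints are valid instants, so the inclusive period is one
    # second longer than the plain difference.
    inclusive = not_after - not_before + 1
    if user_added_root:
        return Result(True, None, inclusive, "user/admin-added root: not affected")
    limit = MAX_DAYS_NEW if not_before >= CUTOFF else MAX_DAYS_OLD
    ok = inclusive <= limit * DAY
    return Result(ok, limit, inclusive, "within limit" if ok else "validity too long")

# Constructed sample inputs (not real certificates).
SAMPLES = {
    "exact_397": "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Oct 16 23:59:59 2021 GMT",
    "one_second_over": "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Oct 17 00:00:00 2021 GMT",
    "two_years_before_cutoff": "notBefore=Aug 15 00:00:00 2020 GMT\nnotAfter=Aug 15 00:00:00 2022 GMT",
    "two_years_after_cutoff": "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Sep 15 00:00:00 2022 GMT",
}

if __name__ == "__main__":
    for name, dates in SAMPLES.items():
        print(name, check_validity(dates))
```

The `one_second_over` sample shows why the inclusive count matters: a notAfter set exactly 397 days after notBefore already exceeds the limit by one second.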