iOS 18 has new issue with self signed SSL certificate

Question

Created Sep ’24

Replies 9

Boosts 10

Views 1.6k

Participants 9

After updating my iPad 11 Pro to iOS 18, Apple’s email client now refuses to honor the self signed certificate I use for my IMAP server with the error ‘Unable to create a secure connection to the server ("bad certificate format" -9,808).’ Clients on other platforms such as Android, Windows, Linux and Solaris work fine. iOS 17 email accepted the certificate chain without error.

I imported my CA root certificate into the iOS trust store and enabled root certificate trust for it, and still cannot get past this error.

The certificates were generated with OpenSSL utilities version 1.1.1w.

Anyone have insight into a more detailed meaning for that error code, or a pointer to a tool that will identify what is offensive with my certificate to iOS. This is a high priority for me.

Thanks.

Boost

Answer 1

Vik232 OP

Sep ’24

Same problem.

2

Answer 2

addielamg OP

Sep ’24

Same problem

0

Answer 3

chnmrc OP

Oct ’24

Same problem. I also have same error, and it worked fine on ios 17. Can someone tell us what this error means?

0

Answer 4

chnmrc OP

Oct ’24

I resolved it replacing certificate

0

Answer 5

sissiwasabi OP

Oct ’24

same problem. reinstalling the mobileconfig with the certificates in it did not solve anything. also installing the root certificates seperately doesnt change it. there is just nothing listed anymore in the trust certificate store

1

Answer 6

l008com OP

Oct ’24

Same problem - same exact error, however my cert is not self-signed, its a legit cert from LetsEncrypt. Worked in all previous iOS versions for decades, still works on MacOS. But iOS18..... no more email.

1

Answer 7

abotsis OP

3w

I had the same issue with dovecot on openbsd using a LE cert updated with acme. In my case the cert was getting refreshed properly but wasn’t picking it up (using openssl s_client to test). The cert presented was expired. Restarting dovecot fixed it for me.

0

Answer 8

KDBaumann OP

2w

Having this issue with a LetsEncrypt cert. I can’t even get to the site since I get told to click here if I understand the risks. I click and nothing happens….

Makes it hard to test things. :-)

0

Answer 9

gsexton OP

2d

The solution is this:

First, generate your own CA Certificate and install it on your phone.

Create a new signing request with a Subject Alternate Name record. iOS requires a SAN record and if it's not present, you'll get 9808.

Once you do this, it will work as expected.

0