iOS 18 Bug - Certificate Trust Settings for Private Root Certificates Not Available

Importing an existing self-signed trusted root certificate no longer triggers the option to trust the cert in Settings / About / Certificate Trust Settings in iOS 18.

Cert installed manually from internal website, as email attachment, and using profile in Configurator all produce same result.

Same cert and processes work on iOS 16.7.10, iOS 17.6.1 and iPadOS 18.0

But not on iOS 18.0 nor beta iOS 18.1 beta5 on iPhone 16

Also tried regening a new test root on macOS Sonoma and installing using Configurator. No difference.

It’s broken - I’ve reported it by Feedback - it’s a vital security flaw.

Anyone else see this or have a workaround?

When can it be fixed? Can an Apple engineer help to escalate the issue? Thanks.

FINALLY I fixed it without resetting my iPad/iPhone, by using the Edit Backup file and restore, from the third-party Mac App you know.

  1. Backup your device running iOS 18
  2. Use Mac App to extract the backup files
  3. Remove the MobileDeviceDomain, KeychainDomain, ProtectedDomain, 3 folders
  4. Restore the edited backup to your device

Done. https://twitter.com/DreamingPiggy/status/1857459220091908594

@DTS Engineer - Hey Quinn,

I just upgraded from an iPhone 13 (which had my custom CA root installed and trusted) using Apple's upgrade path (backed everything up to iCloud, put the phones next to each other, and let them do their thing). The install did not include the root cert from the iPhone 13.

I am testing the waters before any of my users try this, and I am stuck. I am stymied by the lack of root cert trust settings in 18.1, which keeps OpenVPN from connecting to my private network. This completely breaks remote access, for me (and for any of my users that might upgrade to a new phone), as it hangs on verifying the OpenVPN server certificate.

Before I distribute (dangerously) altered OpenVPN profiles that do not try to verify the certificate, is there an ETA for a fix?? Thanks!

An update - I discovered that installing a certificate from HTTPS sites (vs. email, which I had been trying) works. OpenVPN accepts this certificate even though it is not trusted, which lets me work around the connecting from outside issue.

What this does not solve is every internal website or service using my custom CA's signed certificates shows up as untrusted. This is a pain, and I really hope it is fixed soon!

Slightly different angle. Installed 18.1.1 on a six-month-old iPad. After rebooting I get a message about an untrusted certificate which expired in 2016, related to a no-longer-used email server. There does not seem to be an option to list and delete certificates. Nothing under VPN and Device Management.

We also have customers who told us about non-working VPNs because of missing root CAs. Watching this here very carefully and hope this will be fixed soon.

After upgrading to iOS 18.2 b4, I can finally see the missing certificates in the Certificate Trust Settings but there are certificates from previous backups and I’m unable to remove them.

Same. After updating an affected iOS 18.1 to iOS 18.2 beta 4,

  • An unremovable certificate is listed in the Certificate Trust Settings. Even after removing all the profiles, it stays there.
  • I can install root certificates and trust them.

Although the behavior is weird, it seems that we can now trust certificates without erasing All Content and Settings.

I submitted FB15921702 about previous reply on iOS 18.2 beta 4.

After upgrading to iOS 18.2 b4, I can finally see the missing certificates in the Certificate Trust Settings

Yep. That gels with my expectations based on the resolution I see for the bug. Thanks for checking!

After upgrading to iOS 18.2 b4, I can finally see the missing certificates in the Certificate Trust Settings

Yeah, that’s a different, but obviously related issue. And so…

I submitted FB15921702

Thanks!

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I checked behaviors on a reproduction without restoring from backups, and updated FB15921702.

Basically,

  • If the certificate had been installed via configuration profile from MDM, the issue was resolved on iOS 18.2 Beta 4.
  • If the certificate had been installed manually, I needed to re-install the same certificate after updating to iOS 18.2 Beta 4 to trust it.

I do not see anything in the release notes for iOS 18.2 Beta 4 that mentions this bug at all.

FWIW when a nasty problem with Exchange-based calendars from iOS 18 was fixed in 18.1, it was not in the release notes either... but it was still fixed.

@chkpnt You need to check the AppleSeed for IT release notes. ;)

As iOS 18.2 has been released: Can anybody confirm that the bug is fixed?
