For details on cookie usage on our site, read our Privacy Policy
SSL Decryption with iOS 13 Devices
- LIVEcommunity
- Discussions
- General Topics
- SSL Decryption with iOS 13 Devices
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
SSL Decryption with iOS 13 Devices
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-10-2019 02:26 PM
We began testing of the iOS 13 beta last week on several test devices that are connected to our internal mobile device network. This network passes traffic through the Palo with SSL decryption. We are finding that iOS 13, even with our cert installed on the device via MDM, does NOT accept the decrypt cert. We are still testing, but so far we have found several applications that will not work (some give errors, some just don't do anything), Safari will not open HTTPS sites, and our MDM environment cannot send commands to the devices. In all cases, once we take the device off of the internal WiFi, eliminating SSL decrypt, everything works.
I have not yet been able to find any documentation from Apple indicating that they are enforcing certificate pinning across the OS, but it sure seems like they might be. Has anyone else encountered this yet?
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-23-2019 09:06 AM - edited 10-23-2019 09:07 AM
Same problem here. iOS 12.x devices are fine and have been for a long time. All other devices (Windows, Chromebooks, Linux, Android) with install cert are fine. iOS 13.x devices are broken. Cert is installed, trusted. We are stumped. Cannot figure out why this will not work. Had a 2 hour call with Apple on 10/17/2019 and they are having us send some extended logging info to them. Please reply if there is any additional information to share.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-24-2019 11:21 AM
We are seeing similar issues with macOS Catalina. Certificate is installed but we continue to get SSL errors when using safari.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-24-2019 11:34 AM - edited 10-24-2019 11:37 AM
@RocRaider- We are in the same boat on the same page. Frankly, we have no idea what to do. We have 3,000 iPads and fewer than 50 MacBooks and we're not getting much help from either PaloAlto or Apple. I hope somebody figures it out soon because we have, basically, given up. If someone doesn't get this under control soon my Financial Advice would be to invest in Chromebook Manufacturers!
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-24-2019 11:42 AM
Has anyone verified that you meet the new system requirements for iOS 13 and macOS 10.15? With these in place we haven't run into any issues decrypting Apple traffic, but if you don't meet one of the new requirements then this will cause the device to reject the trusted cert.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-24-2019 12:24 PM
Yep! First thing we did when they came out and we started having trouble.
- Environmentals in General Topics
- Offboard/Remove devices from AIOPS in AIOps for NGFW Discussions
- Cortex XDR disabling itself in Cortex XDR Discussions
- USB connectivity in XQL in Endpoint (Traps) Discussions
- Cortex XDR agent installation suggestions for a Proxmox host and its LXC containers in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
