Apple distrusts some certificate authorities with iOS 12

Hello,

Greetings from ManageEngine!

With the release of iOS 12 and Mojave right around the corner, here is an update about trusted certificates to ensure a smooth transition to iOS 12 or Mojave.

Apple is completely distrusting the following Certificate Authorities (CA) and removing them from iOS Trust Store:

Symantec
Federal Common Policy Root

If you are using certificates issued by the above mentioned CAs in the on-premises version of Mobile Device Manager Plus, you will have to use the certificates issued by other trusted CA.

To find the current CA that is being used for generating certificates in the Mobile Device Manager Plus server, navigate to Admin -> Import SSL certificates. Here you'll be able to view the certificate details and also the CA that has issued the certificate.

You can modify the certificate if they are from the CAs that are being untrusted by Apple.

If these certificates are used for securing other services in your organization, you can distribute these certificates to the devices from the Mobile Device Manager Plus server.

Apple by default trusts any certificate that has been distributed to the devices from a Mobile Device Management solution. You can distribute the certificate to your devices by navigating to Device Mgmt -> Profiles -> Apple and in the Certificate tab, upload the certificate that you are using. Even if you distribute the certificate issued by Symantec or Federal Common Policy Root, they will be trusted. But, it is still recommended to change your CA.

You will have to make these changes before you update your devices to 1OS 12 or Mojave. You can find more information about these certificates here.

If you have any queries about these certificates, or the modification procedure, you can contact Mobile Device Manager Plus' support team for assistance.