Fix Old iPhone 4/4S iOS 7 SSL Certificate Errors

The root certificates shipped with iOS 7 are very old at this point, and in some very important cases (such as the IdenTrust DST Root CA X3 that Let’s Encrypt certificates chained to) have expired. In a lot of cases this will throw an SSL error and prevent whatever site or URL you’re accessing from loading.

In my case it was my podcast app that stopped working, as it was trying to grab podcasts (RSS Radio) from sites that were using Let’s Encrypt SSL certs.

These errors may be a sign of the expired root certificate:

Cannot verify server identity
Review certificate details to continue
SSL Certificate not trusted
Certificate Error


The solution is to install an updated Let’s Encrypt Root Certificate (ISRG Root X1 non-cross-signed) on your iPhone (this works for other devices too).

Unfortunately, most copies of the certificate are hosted behind HTTPS, which won’t load because of the very issue we’re talking about. I’m hosting the same cert here over plain HTTP, but since plain HTTP gives you no assurance that the file wasn’t altered in transit, use the “official” one below if you can (email it to yourself, maybe?).
Official: https://letsencrypt.org/certs/isrgrootx1.pem (try that if you can)
HTTP: http://blog.jjhayes.net/isrgrootx1.pem
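Before installing a copy that arrived over plain HTTP, it is worth comparing its fingerprint with the official file on a device that can still load the HTTPS link. The script below is an added example, not part of the original post; the function names are hypothetical and the sample bytes are constructed stand-ins rather than the real certificate. It hashes the decoded certificate bytes, so line-ending changes from e-mailing the file do not matter, and it rejects a file that carries more than one certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 (hex) over the DER bytes of every certificate in a PEM file."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def check_download(pem_text, expected):
    """Accept only a file holding exactly one certificate whose fingerprint
    equals the value read from a trusted copy."""
    prints = cert_fingerprints(pem_text)
    if len(prints) != 1:
        return False, "expected exactly 1 certificate, found %d" % len(prints)
    want = re.sub(r"[^0-9a-f]", "", expected.lower())  # drop colons and spaces
    if prints[0] != want:
        return False, "fingerprint mismatch: " + prints[0]
    return True, "fingerprint matches"

def make_pem(der):
    """Wrap bytes in PEM armor (used here only to build constructed samples)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

# Constructed stand-in bytes, NOT the real ISRG Root X1 certificate.
TRUSTED_PEM = make_pem(b"constructed stand-in for certificate DER " * 5)
# Assumption: in practice this value is read from the official copy on a
# device that can still validate https://letsencrypt.org.
EXPECTED = cert_fingerprints(TRUSTED_PEM)[0]

if __name__ == "__main__":
    crlf_copy = TRUSTED_PEM.replace("\n", "\r\n")          # same cert, CRLF endings
    altered = make_pem(b"constructed altered bytes " * 5)  # a different cert
    bundle = TRUSTED_PEM + altered                         # extra cert appended
    for name, text in [("crlf", crlf_copy), ("altered", altered),
                       ("bundle", bundle)]:
        print(name, check_download(text, EXPECTED))
```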

Once you’ve got the isrgrootx1.pem file downloaded, open it and “install” the new certificate.

Settings -> Downloaded Profile -> ISRG Root X1 -> Install

You should now have access to a bunch of apps/sites that had mysteriously stopped working all of a sudden.

2 replies on “Fix Old iPhone 4/4S iOS 7 SSL Certificate Errors”

On my iPhone 4, I installed the profile isrgrootx1.pem and trusted the certificate. I then cleared Safari data and cache and rebooted. But https://letsencrypt.org will still not load in Safari. (Some other sites, such as https://google.com load fine.) Under Settings/General/Profile I see the ISRG Root X1 profile containing the trusted certificate. Any ideas?

Thanks

No, unfortunately – I haven’t had time to dig into this one. I’m thinking the only way to keep using these old devices is going to be an HTTP proxy (like MITM) that terminates SSL and offers a cert these old devices can use.
