Categories
apple

Fix Old iPhone 4/4S iOS 7 SSL Certificate Errors

The root certificates shipped with iOS 7 are very old at this point, and in some very important cases (Let’s Encrypt IdenTrust DST Root CA X3) have expired. In a lot of cases this will throw an SSL error and prevent whatever site or URL you’re accessing from loading.

In my case it was my podcast app that stopped working, as it was trying to grab podcasts (RSS Radio) from sites that were using Let’s Encrypt SSL certs.

These errors may be a sign of the expired root certificate:

Cannot verify server identity
Review certificate details to continue
SSL Certificate not trusted
Certificate Error


The solution is to install an updated Let’s Encrypt Root Certificate (ISRG Root X1 non-cross-signed) on your iPhone (this works for other devices too).

Unfortunately, most of them are hosted behind HTTPS that won’t load due to the very issue we’re talking about. I’m hosting the same cert here behind HTTP, but due to trust issues, use the “official” one above if you can (email it to yourself maybe?)
Official: https://letsencrypt.org/certs/isrgrootx1.pem (try that if you can)
HTTP: http://blog.jjhayes.net/isrgrootx1.pem

Once you’ve got the isrgrootx1.pem file downloaded open it and “install” the new certificate.

Settings -> Downloaded Profile -> ISRG Root X1 -> Install

You should now have access to a bunch of apps/sites that had mysteriously stopped working all of a sudden.

Leave a Reply

Your email address will not be published.