SSL Deep Inspection with iOS devices (iPhone; iPad)
Hope someone can shed some light on this problem. So I want to enable SSL deep inspection for devices on my network. Windows stations with the CA cert pushed via group policy or installed manually work great and I can control all the aspects I want with deep inspection (safe search, etc...). I also want to provide the certificate to our WIFI users, most of them being students with their own devices.
I have the cert provided via download link on the captive portal page for the WIFI. Download link works fine, and Windows users are able to download it, install it and off they go. However, when I go through the steps with an iPhone, whether I use a .cer, .p12 or .pfx file, the file downloads, I can install it and it tells me the cert is verified, but I still get certificate errors when browsing HTTPS websites; also the App Store, etc. won't load.
Are you able to browse some sites like, let's say, https://www.facebook.com on Safari? On iOS, with deep-inspection, you have to exempt some Apple domains from deep-inspection because of Certificate Pinning. In the default deep-inspection profile in FortiOS 5.6, we have some default address groups exempted.
With the native iTunes and Apple store, if you do not have the Apple domains exempted, they will not work. Can you try adding the exemptions? It is hard for browsers to do Certificate Pinning; therefore, if you want to find out if the installation of the Certificate is done correctly, you can try to access some HTTPS sites on a browser application.
When I go to an HTTPS enabled site in Safari, such as Facebook, the site simply does not display. When I go to the same sites in Chrome it will give me a certificate warning and allow me to proceed if I choose to.
I will try adding the Apple domains to the exemptions and try the App Store, etc.
*** EDIT : Exemptions work, I made wildcard entries for *.apple.com, *.appstore.com and *itunes.apple.com and they now function. If I put an exemption for Facebook (social networking category) it will also work. ***
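An added example, not part of the thread: a local openssl lab showing why a pinned app still refuses the connection after the inspection CA is installed and trusted, which is why the Apple domains had to be exempted. The CA names, the host name `pinned.example` and the function names are constructed for illustration, and the pin format (base64 SHA-256 of the SubjectPublicKeyInfo) is an assumed, commonly used scheme; the thread does not say how Apple's apps pin.

```bash
#!/usr/bin/env bash
# Constructed lab: every key, CA and host name here is generated locally.
set -eu

# Self-signed CA: $1 = file prefix, $2 = CN.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Leaf with its own fresh key: $1 = CA prefix, $2 = leaf prefix, $3 = CN.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# Pin value: base64(SHA-256(DER SubjectPublicKeyInfo)) of certificate $1.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -binary | openssl base64
}

pinning_demo() {
  d=$(mktemp -d)
  make_ca "$d/public" "Constructed Public CA"
  make_ca "$d/inspect" "Constructed Inspection CA"
  # What the real server presents, and what the inspecting firewall presents.
  issue_leaf "$d/public" "$d/origin" "pinned.example"
  issue_leaf "$d/inspect" "$d/resigned" "pinned.example"

  # Client that trusts the inspection CA: chain validation succeeds.
  if openssl verify -CAfile "$d/inspect.crt" "$d/resigned.crt" >/dev/null 2>&1
  then chain=ok; else chain=fail; fi

  # Pinned app: compares the key it shipped with to the key it is shown.
  if [ "$(spki_pin "$d/origin.crt")" = "$(spki_pin "$d/resigned.crt")" ]
  then pin=match; else pin=mismatch; fi

  rm -rf "$d"
  echo "chain=$chain pin=$pin"
}

pinning_demo
```

The output `chain=ok pin=mismatch` is the situation on the iPhone: the re-signed certificate validates against the installed CA, but its public key is not the one the app expects, so only an exemption from inspection lets the pinned app connect.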