Certificate Transparency
When an iOS device establishes a connection to a server, the server's TLS certificate is evaluated against Apple's Certificate Transparency requirement, and the result determines whether the device trusts the certificate. Servers that are exposed to the internet and have their certificates submitted to a public log automatically fulfill the requirement. Internal servers that are not exposed to the internet are different: because their certificates are not submitted to a public log, they do not meet the Certificate Transparency requirement, and your iOS devices may experience trust failures when connecting to them. This profile configuration enables you to disable the Certificate Transparency requirement for your internal servers and internal domains so that your iOS devices can connect to them. For more information, see CertificateTransparency.
Note the following:
- This configuration is available for devices running iOS 12.1.1 or later.
- You must add at least one certificate or domain.
Feature | Details |
---|---|
Disable Transparency for Certificates | Select Add and enter a private, untrusted certificate hash. The hash is computed over the DER encoding of the certificate's subjectPublicKeyInfo and must be entered as a Base64-encoded (binary) SHA-256 value. Restriction: You cannot add identical hashes. Your iOS devices skip the Certificate Transparency check for the added certificate hash. |
Disable Transparency for Domains | Select Add and enter the web address of a domain. Your iOS devices skip the Certificate Transparency check for the added domain. |
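
The hash format in the table is easy to get wrong, for example by hashing the whole certificate instead of only its subjectPublicKeyInfo. The following added example (not part of the product or of Apple's tooling; all function names are illustrative) extracts the subjectPublicKeyInfo from a DER or PEM certificate using only the Python standard library, produces the Base64 SHA-256 value, and enforces the no-duplicates restriction.

```python
# Added example: helper names are illustrative, not a product or Apple API.
import base64, hashlib, ssl

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the complete subjectPublicKeyInfo TLV of a DER X.509 certificate."""
    tag, start, _ = _tlv(cert_der, 0)             # Certificate SEQUENCE
    tag2, pos, tbs_end = _tlv(cert_der, start)    # tbsCertificate SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                            # optional [0] version (absent in v1)
        pos = end
    for _ in range(5):                         # serial, signature, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    tag, _, end = _tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]                   # SEQUENCE header bytes are part of the hash input

def ct_exemption_hash(cert):
    """Base64 SHA-256 of the subjectPublicKeyInfo; accepts PEM text or DER bytes."""
    if isinstance(cert, str):
        cert = ssl.PEM_cert_to_DER_cert(cert)
    return base64.b64encode(hashlib.sha256(spki_der(cert)).digest()).decode()

def add_hash(entries, value):
    """Validate the format and reject duplicates, mirroring the restriction above."""
    if len(base64.b64decode(value, validate=True)) != 32:
        raise ValueError("not a Base64 SHA-256 digest")
    if value in entries:
        raise ValueError("identical hash already added")
    entries.append(value)
    return entries
```

A valid value is always 44 Base64 characters, because a SHA-256 digest is 32 bytes; anything else was computed or copied incorrectly.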