Certificate not trusted

HTTPS works fine except on iPhone. Safari won't open the site and complains that it doesn't support TLS 1.2, but I've checked that it does indeed support TLS 1.2.

I went to SSL Checker to try to figure out the problem, and everything seems ok, except it also says: "Server certificate is not trusted by reputable certificate stores!"

The Certificate paths section has three steps; the first two are OK, but the third one has an error:

"Extra download Not in trust store".

ISRG Root X1 (self-signed)
cabd2a79a1076a31f21d253635cb039d4329a5e8
RSA 4096 bits / SHA256withRSA

http://ssl-checker.online-domain-tools.com/

Not sure about what to do. Thankful for any help.

Regards,
Bjorn

My domain is: athletium.app

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: Hostwinds, VPS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): WinACME v2.1.16.1

Which version of iOS is the iPhone running?

Your certificate chain is fine; it's just using the modern Let's Encrypt chain instead of the "Android compatible" one. This is normal on Windows servers.

The SSL checker you linked to is clearly not very good; use something else, like SSL Server Test (Powered by Qualys SSL Labs).

3 Likes

Regarding TLS and cipher suite compatibility, it looks OK, but perhaps there is a problem with an older version of iOS. You can adjust your supported TLS and cipher suites without messing with the registry using the free tool Nartac Software - IIS Crypto: click 'Best Practices', apply that, then restart the server.

3 Likes

Thanks webprofusion!

It's an iPhone 7 from last year, with iOS 14.2.

I cleared the browser cache again, and suddenly it works. Maybe Safari caches the certificate, or something similar. I'm confused, but now it works at least.

3 Likes
