iOS18, certificates, mail app and domain

I'm totally baffled by the changes Apple made in iOS 18 to certificate usage in the built-in Mail application. They decided that self-signed certificates are not accepted any more, fine. As long as you can install your own root CA and trust it, it should be fine. But NO! They have also decided that Mail will only accept IMAP servers using a domain name, no longer just an IP address. So you can't get any IP-based certificate that will be accepted by the Mail app, even with the right SAN et al. I've tried two "identical" certs, one with a domain and one with an IP, and the domain works while the IP fails, being rejected as non-valid by the app. The funniest part is that the IP cert is good enough to configure Mail (I can see the successful login), but is rejected when reading emails. I'm really fed up with the "Apple police" that wants to push us into not using our own storage anymore. My use case is simple: I have an IMAP server that is used by family to archive all emails and keep them organized, saved forever and away from being scanned. I need to access that server either when locally connected or through VPN. For VPN, I use split tunnels because I don't want all traffic to go through the tunnel. Nor do I want to create my own local DNS server and have all VPN clients use that DNS server only for the sake of having a domain name for the IMAP server. Nor do I want to open an external port to redirect to my IMAP server (that works of course, as then I can use DDNS ...). Talk about increased security!

This is insane

Sorry, what is your question for us not-employed-by-Apple, third-party developers who write third-party software for Apple's platforms?

If you're just having a moan, sorry, but this isn't the place for that.

These are the Developer Forums, where developers of apps for Apple's platforms ask each other for hints and tips on coding.

If you have a product support question I'd suggest you ask it over at the Apple Support Forums.

If, however, you have a suggestion, raise it at https://feedbackassistant.apple.com/

Thanks.

Sorry, my implied question was: is what I observe and assume correct, and is there no way now with iOS 18 to have the Mail app use an IP directly, or is there something special/extra I should add in the cert? (The SAN field of the cert contains the IP.) I agree it's not really a dev question (I'm an embedded dev myself), but I'm afraid it is too technical a question for the support forum, hence I tried here, as maybe somebody has experience with related cert/security management changes in iOS 18 and could give me a hint.

Sorry, it's still not a developer question. You're asking for support with an app, not with how to write code.

While your question may be technical, that doesn't mean only developers can answer it.

I’ve asked on the app support forum as well. As a dev, I often answer questions on my GitHub that are config or usage related. And yes, these are my apps so it’s different, but these questions are normally asked on dedicated support forums, not on GH.

Anyway, I’m not sure we need to make a big fuss about that. Let’s say then that my ask to devs in general here, related to my issue, is

“please don’t do the same in your apps and make sure that when you use certs, you don’t forbid use of IP addresses directly”.
