DoH and DoT unsigned on iOS

randyjc

Hello,

Yesterday, I was in contact with support (@girish), and I'm trying to get DoH and DoT to work on my device. It does work, but when importing the configuration file, it complains that it is unsigned. Despite the complaint, the DNS requests are coming through. However, the fact that it is unsigned makes me a bit uneasy about the security of the data.

We have checked the certificates for the wildcard domain, and they are properly set, so it should work as designed. However, I was wondering if more people are experiencing this issue, or if it's happening only to me.

Kubernetes

Hi @randyjc

I think this is not related to the SSL Certificate, but to the Signature of the Profile. I don't know how such a iOS Profile could be signed properly, but I think to achieve this an Apple Developer Account might be required?

On my devices it is exactly the same behavior as on yours.

lukas

same here and working on my iOS devices

randyjc

@Kubernetes said in DoH and DoT unsigned on iOS:

Hi @randyjc

I think this is not related to the SSL Certificate, but to the Signature of the Profile. I don't know how such a iOS Profile could be signed properly, but I think to achieve this an Apple Developer Account might be required?

On my devices it is exactly the same behavior as on yours.

@lukas said in DoH and DoT unsigned on iOS:

same here and working on my iOS devices

Thanks all for checking, in that case I just leave it be then.

girish

@randyjc Does Cloudflare DoH endpoint work ? I think the URL is https://cloudflare-dns.com/dns-query

randyjc

@girish

I got the same unsigned message, but I'm not sure if this is because I initiate this via my own adguard site by changing the hostname

I do however got some other info via https://github.com/paulmillr/encrypted-dns#signed-profiles

necrevistonnezr

Was someone able to resolve this?
The profiles are unsigned for me, too, which would require manual re-deploying (and remembering to do so!) a profile after 90 days…