DoH and DoT unsigned on iOS
-
Hello,
Yesterday, I was in contact with support (@girish), and I'm trying to get DoH and DoT to work on my device. It does work, but when importing the configuration file, it complains that it is unsigned. Despite the complaint, the DNS requests are coming through. However, the fact that it is unsigned makes me a bit uneasy about the security of the data.
We have checked the certificates for the wildcard domain, and they are properly set, so it should work as designed. However, I was wondering if more people are experiencing this issue, or if it's happening only to me.
-
Hello,
Yesterday, I was in contact with support (@girish), and I'm trying to get DoH and DoT to work on my device. It does work, but when importing the configuration file, it complains that it is unsigned. Despite the complaint, the DNS requests are coming through. However, the fact that it is unsigned makes me a bit uneasy about the security of the data.
We have checked the certificates for the wildcard domain, and they are properly set, so it should work as designed. However, I was wondering if more people are experiencing this issue, or if it's happening only to me.
Hi @randyjc
I think this is not related to the SSL Certificate, but to the Signature of the Profile. I don't know how such a iOS Profile could be signed properly, but I think to achieve this an Apple Developer Account might be required?
On my devices it is exactly the same behavior as on yours.
-
@Kubernetes said in DoH and DoT unsigned on iOS:
Hi @randyjc
I think this is not related to the SSL Certificate, but to the Signature of the Profile. I don't know how such a iOS Profile could be signed properly, but I think to achieve this an Apple Developer Account might be required?
On my devices it is exactly the same behavior as on yours.
@lukas said in DoH and DoT unsigned on iOS:
same here and working on my iOS devices
Thanks all for checking, in that case I just leave it be then.
-
@Kubernetes said in DoH and DoT unsigned on iOS:
Hi @randyjc
I think this is not related to the SSL Certificate, but to the Signature of the Profile. I don't know how such a iOS Profile could be signed properly, but I think to achieve this an Apple Developer Account might be required?
On my devices it is exactly the same behavior as on yours.
@lukas said in DoH and DoT unsigned on iOS:
same here and working on my iOS devices
Thanks all for checking, in that case I just leave it be then.
-
@randyjc Does Cloudflare DoH endpoint work ? I think the URL is
https://cloudflare-dns.com/dns-query -
Was someone able to resolve this?
The profiles are unsigned for me, too, which would require manual re-deploying (and remembering to do so!) a profile after 90 days…
