iOS 18 has new issue with self signed SSL certificate

After updating my iPad 11 Pro to iOS 18, Apple’s email client now refuses to honor the self signed certificate I use for my IMAP server with the error ‘Unable to create a secure connection to the server ("bad certificate format" -9,808).’ Clients on other platforms such as Android, Windows, Linux and Solaris work fine. iOS 17 email accepted the certificate chain without error.

I imported my CA root certificate into the iOS trust store and enabled root certificate trust for it, and still cannot get past this error.

The certificates were generated with OpenSSL utilities version 1.1.1w.

Does anyone have insight into a more detailed meaning for that error code, or a pointer to a tool that will identify what is offensive with my certificate to iOS? This is a high priority for me.

Thanks.

Same problem.

Same problem

Same problem. I also have the same error, and it worked fine on iOS 17. Can someone tell us what this error means?

I resolved it by replacing the certificate.

Same problem. Reinstalling the mobileconfig with the certificates in it did not solve anything. Also, installing the root certificates separately doesn't change it. There is just nothing listed anymore in the trust certificate store.

Same problem - same exact error, however my cert is not self-signed, it's a legit cert from LetsEncrypt. Worked in all previous iOS versions for decades, still works on MacOS. But iOS18..... no more email.

I had the same issue with dovecot on openbsd using a LE cert updated with acme. In my case the cert was getting refreshed properly but wasn’t picking it up (using openssl s_client to test). The cert presented was expired. Restarting dovecot fixed it for me.

Having this issue with a LetsEncrypt cert. I can’t even get to the site since I get told to click here if I understand the risks. I click and nothing happens….

Makes it hard to test things. :-)

The solution is this:

First, generate your own CA Certificate and install it on your phone.

Create a new signing request with a Subject Alternate Name record. iOS requires a SAN record and if it's not present, you'll get 9808.

Once you do this, it will work as expected.

I've been experiencing this issue since the initial release of iOS 18, and it persists through subsequent updates. The most recent version I tested was iOS 18.2 beta 4. The result is always the same: using self-signed certificates does not work (-9 808) with the default Mail app. On the server side, I’m using Linux with Sendmail and Dovecot. Is there any official statement from Apple regarding this issue? A response would be greatly appreciated, considering how long this problem has been ongoing.

Previously, self-signed certificates worked seamlessly with the iOS stock Mail app. However, since version 18, something appears to have changed, causing them to stop working, with error code (-9 808). After wasting a significant amount of time troubleshooting, I managed to resolve the issue, largely thanks to the previous recommendation by .

The solution involved regenerating the server certificate with SAN (Subject Alternative Name) records. Then, installing the updated certificate on the phone and removing and re-adding the mail account seemed to do the trick, at least in my case. **_If Apple has indeed changed the requirements for self-signed certificates, this should be explicitly communicated to users, in my opinion._**
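The fix described in the two posts above (a private CA plus a server certificate that carries a SAN), as an added example that is not part of the original thread. It also shows a common way the SAN gets lost: `openssl x509 -req` does not copy extensions from the signing request by default, so the SAN must be restated at signing time. `mail.example.test`, `192.0.2.10` and the file names are placeholders; the `serverAuth` extended key usage comes from Apple's published certificate requirements for iOS 13 and later, not from this thread.

```shell
#!/bin/sh
# Added example; mail.example.test and 192.0.2.10 are placeholder values.
set -eu

make_ca() {      # $1 = working directory; writes ca.key and ca.crt
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_csr() {     # $1 = dir, $2 = DNS name, $3 = IP; SAN goes into the request
    openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -addext "subjectAltName=DNS:$2,IP:$3" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    # Extension file for signing: "openssl x509 -req" does not copy the
    # extensions from the CSR unless told to, so the SAN is restated here.
    printf 'subjectAltName=DNS:%s,IP:%s\nextendedKeyUsage=serverAuth\n' \
        "$2" "$3" > "$1/srv.ext"
}

sign_csr() {     # $1 = dir, $2 = output name, optional $3 = extension file
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 ${3:+-extfile "$3"} \
        -out "$1/$2.crt" 2>/dev/null
}

has_san() {      # $1 = PEM certificate; true only if a SAN extension exists
    openssl x509 -in "$1" -noout -text | grep -q "Subject Alternative Name"
}

dir=$(mktemp -d)
make_ca "$dir"
make_csr "$dir" mail.example.test 192.0.2.10
sign_csr "$dir" dropped                    # SAN in the CSR is silently lost
sign_csr "$dir" fixed "$dir/srv.ext"       # SAN carried into the certificate
for c in dropped fixed; do
    if has_san "$dir/$c.crt"; then echo "$c.crt: SAN present"
    else echo "$c.crt: NO SAN"; fi
done
openssl verify -CAfile "$dir/ca.crt" -verify_hostname mail.example.test "$dir/fixed.crt"
```

Run `has_san` against the certificate the server actually presents, not only the request: OpenSSL's own hostname check falls back to the CN when no SAN is present, so `openssl verify -verify_hostname` alone will not flag a certificate that lacks one.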

Similar issue. iOS Mail has stopped working with update to iOS 18. Connects to Dovecot server on internal network using WiFi or VPN. Existing mail accounts get the "Cannot Get Mail" error, "bad certificate format" -9,808.

The server certificate was working with iOS 17 and has SAN fields for DNS and IP set. Root CA certificate installed on iPhone and trusted.

I deleted and reinstalled one of the email accounts on the iPhone. For the reinstalled account, I don't get a -9,808 error in the Mail app, instead the app shows "No Mail" and the server's mail log has hundreds of entries like:

Dec 6 15:40:23 mailsrvn2 dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=192.168.5.52, lip=192.168.2.21, TLS handshaking: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46, session=<6R1H1ZsoDv/AqAU0>

Just upgraded to 18.2 hoping this bug would be fixed. Alas no. Tried reinstalling certificate issuing and root CA cert (Digicert) and still we see the same error trying to connect to the mail cache on the LAN (using a local IP address, not the name in the server cert).

This post was removed but I can't imagine why :-) They remove my posts fast, but wish they would address this issue just as quick. I have been an Apple guy my entire career spanning back to 1984.

I have tried it all, and to no avail. What's really strange is that I have 3 other IMAP accounts on the same device that work just fine. Just this one domain with issues. It's a very important account, and I am forced to use webmail if not near my MacBook Pro. That means no realtime alerts when mail arrives etc.

The settings are IDENTICAL to my other IMAP accounts so any further troubleshooting seems pointless without Apple's guidance. But so far I have not seen one solution offered by Apple.

Now, let me whine some more because it's a form of therapy at this point.

I run the beta software and patched as recent as this morning 12/19/24. I hope with each patch that it will solve the issue but no.

Somehow Apple seems to not care about the issue or its user urgency. This has been going on for a while now and only seems to have gotten worse.

Works fine on the MacBook Pro, but the iPhone 15 is shit out of luck.

I've deleted the account, re added it, rebooted and still the same persistent issue. Tried both / & \ in advanced settings, nope nope nope...

Maybe it's time for an Android, and man I hate to say that, but Apple needs to address this mess. The designer's choice of tools, yet Apple is dropping the ball on the support end.

Please APPLE. This should be a slam dunk fix since you have been aware of it dating back a couple years.

Help, please help!

I am having the same issue with a system that has been running fine for over a year. All the error messages that are shown here are coming up in my logs and on my iPad and iPhone.

Is this working for anyone? If Apple feels this is working, please point us to a document that outlines the requirements for the authentication to work (versions, process and correct settings). I have wasted the best part of 3 weeks trying to resolve this for my users and have no progress to speak of at this point. The server with Dovecot, Postfix and OpenSSL has been running for years.
