Why does Google's Chrome Browser on iOS shows Certificate errors?

Article #:

Product

Castle

1850

Guardian

All

Summary

Installing the Certificate Authority to Apple iOS devices to resolve certificate warnings when browsing.

Problem

The Google Chrome browser on Apple iOS devices (iPhone, iPod, iPad) shows certificate warnings or reports that it "cannot connect to the real website". This happens when either using HTTPS Inspection on Smoothwall, or when browsing to HTTPS blocked sites.

On many platforms this can be resolved by installing the Smoothwall HTTPS Inspection Root Certificate Authority (CA) certificate on the device or browser, but Chrome on iOS does not use the system root certificate store, and does not provide a method to manually trust a CA.

This issue cannot be avoided on Chrome, and the Google Chrome development team (Chromium) have are unable to resolve this (http://code.google.com/p/chromium/issues/detail?id=152584).

Note: Safari browser users, and many other apps on iOS devices, do use the local certificate store, so once the root CA is downloaded from Smoothwall and installed on the device, users will not see warning messages.

Solution

1. Download the CA from Smoothwall — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/httpssettings.htm
2. Send the CA to the user, either by email or by means of an external storage device.
3. Ask the user to open the file.
4. iOS prompts if they want to install the CA, and to input their passcode if they have one.
5. If the CA was downloaded with a passcode, enter it and continue.

At the time of writing, it is not recommend using the Chrome browser on iOS with HTTPS Inspection enabled for this reason. Users will still see certificate validation errors for blocked HTTPS websites, however this does not affect their ability to browse the web.

Alternatively, our HTTPS Interception article provides another means of installing the certificate by having the user do it themselves without your assistance.

Attribution:

Last updated:

Author:

Contributions by:

29 July 2016

 

DMT

SN

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.