iOS 12 / macOS 10.14+ and self-signed certificates
Starting with iOS 12 and macOS 10.1414, introduceApple morerejected secured rules ;server certificates mustthat be generated from at least a 2048-bituse RSA keykeys ;smaller certificatesthan generated2048 frombits. aIn 1024-bitFileWave keyenvironments, willthis bemost rejectedoften byaffects theolder device.self-signed certificates, especially on servers originally set up before FileWave 9.0.
If youyour areFileWave usingserver uses a trusted CA CA-issued certificate, youor shoulda beself-signed fine, most of the certificates you get on the market are fulfilling this requirement ; if youcertificate generated your certificated withby FileWave 9.0 or later, you shouldare betypically goodalready as well, since inmeeting this version the key used to generate certificates isspecific 2048-bit. If you are running a FileWave installation which has been setup before FileWave 9.0 with self signed certificate, or if you are using a 1024-bit keykey-size issued certificate, you need to update your setup to have iOS 12 devices trust your server.requirement.
How to check the certificate RSA key size:size
macOS, Linux:
openssl x509 -in /usr/local/filewave/certs/server.crt -text -noout | grep Public-Key
WindowsWindows:
C:\OpenSSL-Win64\bin\Win64in\openssl.exe x509 -in C:\ProgramData\FileWave\FWServer\certs\server.crt -text -noout | FINDSTR Public-Key
Windows does not haveinclude opensslOpenSSL installedby as standarddefault, so you willmay need to goinstall toit first. One common source is https://slproweb.com/products/Win32OpenSSL.html and download the appropriate version ofWin32/Win64 OpenSSL for your environment..
Recommended solution:solution
UseThe best long-term fix is to use a thirdroot-trusted party,certificate trustedfrom a Certificate Authority. MostIf organizationsyou already have a wildcard certificatecertificate, (you may be able to use that for instance *.acme.org), installing this certificate on "filewave.acme.org" will make your serverFileWave trusted automatically. If you don't have a certificate, several CAs provide SSL certificates which are trusted by Apple, Google or Microsoft.server. For more informationguidance, about these trusted certificates please readsee thisRoot KBTrusted articleSSL Certificate (Using and Renewing).
Self-SignedIf solution:you must stay self-signed
IfRenew youthe decide to staycertificate with a self-signed2048-bit certificate,RSA key or larger, then make sure devices trust the new certificate before you don't have another choice than renewingswitch the certificate ; please read this KB article on howserver to renewit. The safest order is:
The best approach would then be:
For the detailed renewal steps, see Renew FileWave Server Self-signed Certificate. KB article:
If you haveare aspecifically pre-FileWaveworking 9.0through iOS trust behavior for self-signed certificates, Renew MDM self signed SSL certificate andwith iOS devices is also useful.
If devices have already upgraded toand iOSno 12,longer trust the only way to recover, assuming you can't use trustedold certificate, isrecovery tomay require manually addinstalling and trusting the new certificate inuntil thenormal trustcommunication storeis restored.
Newer Apple releases introduced additional certificate requirements beyond key size. If you are troubleshooting iOS 13, macOS 10.15, or later, also review SSL Server Certificates - iOS 13 and givemacOS it permissions for SSL.10.15.