Can not remove SSL certificate on iPhone 6 - iOS10.2

Only one iPhone is having this issue.
We manage access to our email and internal site via SSL certificates.
These are installed through Airwatch MDM profiles.

Usually, if I remove an iPhone from Airwatch, it will delete all certificates and profiles on that device.
However, for this phone, it appears that all certificates are removed (Settings -> General -> Profiles does not exist) but the phone can still access the internal site.

If I clear out Safari's history and website data and I then try to access the site, it will prompt for the certificate by name (user@domain.com) and selecting it opens the site.

List of what I've tried to remove this certificate:
Go to Settings -> General -> Profiles (this option does not exist)
Clear out History and Website Data for Safari
Reset Network Settings
Reset All Settings

An annoyance caused by this is that when I install the Email profile which contains the certificate from Airwatch, the device now has two of the same certificate. So whenever the user attempts to access the site, he is prompted to select which of the two he wants.
This prompt also appears if the site has been unused for about 5 - 10 minutes.

Any ideas on how I could either:
1. Remove the duplicate certificate stored on the device or
2. Force Safari to use one of the certificates without prompting the user
Asked by: SeeDk
 
btan (Exec Consultant) Commented:
Thanks for sharing. It seems like the time to find the root cause is not worthwhile, and a rebuild may still be the way eventually if the device is going to be reused.
0
 
Steven Wallace (IT Support Tech) Commented:
What iOS version is the iPhone?
0
 
SeeDk (Author) Commented:
It is version 10.0.2
0

 
ArneLovius Commented:
I would guess that the phone has had the certificate deployed by some other means.

I would probably wipe the phone and re-provision from scratch, not restoring a backup. This would, however, dump text messages etc., which may not be desired.
0
 
btan (Exec Consultant) Commented:
The certificate should be gone if the profile it goes with is removed. I suspect the SSL certificate is tied to no profile, hence removal of a profile will not work in such cases. So I am thinking the manual removal is as follows:

-Delete the SSL certificate by going to Settings → General → Reset → Network Settings.

But for profile-based removal, the manual means is below, on top of the MDM command.

-On your iPhone, click on the "Settings" icon in the main menu screen. Select "General" from the list of options that appear in the drop-down menu.

-Select "Profiles" from the list of options that appear and a list of all the certificates on your iPhone will appear on screen.

-Scroll through the list of certificates until you come to the one you would like to remove from your iPhone and click the "Remove" button on the screen. The certificate will then be removed. Repeat the process for any other certificates you would like to remove.

Another check is to maybe try SSL Detective to see all the certificates and confirm whether there are indeed duplicates:

https://twocanoes.com/products/ios/ssl-detective
0
 
SeeDk (Author) Commented:
@ArneLovius
Not sure what other means it could be unless someone tampered with his phone. Yeah, I considered deleting everything as a last resort. This is very undesirable though, since even restoring from a backup can't be done.

@btan
It is definitely tied to a profile. I can see the profile and attached certificate in the Airwatch admin console.
I also see it in Settings -> General -> Profiles when the profile is installed on the phone.
However, when the profile is removed, Settings -> General -> Profiles does not exist anymore.
It was also not showing in SSL detective when the profile is removed. The device can still access the internal site though.
On a different iPhone with the same iOS, when I remove the profile, the internal site is no longer accessible because the certificate is completely removed as expected.
0
 
btan (Exec Consultant) Commented:
It looks like the device has some caching at the network. I suggested the below in my last post. But note that this also resets the rest of your network settings. Maybe it is better to move forward with this, and if it still recurs, then better to take the last resort and reset the device.

Delete the SSL certificate by going to Settings → General → Reset → Network Settings.
0
 
SeeDk (Author) Commented:
I already tried both
Reset Network Settings
Reset All Settings

and the certificate still remains...somewhere.
0
 
btan (Exec Consultant) Commented:
I suggest revoking the existing certificate and pushing down another new certificate instead. If the login is still possible (given some time for the revoked cert to be published), then attempting to delete will not make any difference.
0
 
SeeDk (Author) Commented:
When I revoke the certificate, it only breaks access to the email (since the email profile uses the same certificate as the site).
But the cached certificate still exists, since the phone can still access the site.

It seems I've completely lost access to the cached certificate from Airwatch.
0
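The behaviour reported above, where a revoked certificate stops working for email but still opens the site, can be closed off on the server side rather than on the device. The following is an added example, not part of the original thread: a Python check over a dict shaped like `ssl.SSLSocket.getpeercert()` output that rejects revoked serial numbers. The function names, the sample serial and the revocation list are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def normalize_serial(serial: str) -> str:
    """Canonical form: uppercase hex, no colons/spaces, no leading zeros."""
    cleaned = serial.replace(":", "").replace(" ", "").upper().lstrip("0")
    return cleaned or "0"

def subject_field(peercert: dict, field: str):
    """Pull one attribute out of the nested 'subject' RDN tuples."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None

def check_client_cert(peercert: dict, revoked_serials, now: datetime):
    """Return (allowed, reason) for a dict shaped like getpeercert() output."""
    if not peercert:
        return False, "no client certificate presented"
    revoked = {normalize_serial(s) for s in revoked_serials}
    serial = normalize_serial(peercert.get("serialNumber", ""))
    who = subject_field(peercert, "commonName") or "unknown subject"
    # Revocation is checked first: a revoked serial is refused no matter
    # which copy of the certificate the device still holds.
    if serial in revoked:
        return False, f"serial {serial} ({who}) is revoked"
    if "notAfter" not in peercert:
        return False, f"certificate for {who} has no expiry field"
    if now.timestamp() > ssl.cert_time_to_seconds(peercert["notAfter"]):
        return False, f"certificate for {who} expired"
    return True, f"accepted {who}"

# Constructed sample data (not taken from the thread).
SAMPLE_CERT = {
    "subject": ((("commonName", "user@domain.com"),),),
    "serialNumber": "0A1B2C3D",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
REVOKED = ["0a:1b:2c:3d"]  # same serial, written the way CRL dumps often show it

if __name__ == "__main__":
    now = datetime(2017, 1, 1, tzinfo=timezone.utc)
    print(check_client_cert(SAMPLE_CERT, REVOKED, now))
    print(check_client_cert(SAMPLE_CERT, [], now))
```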
 
btan (Exec Consultant) Commented:
If another new profile (for another user) is created for this device, the email connection is re-established, and the profile is then removed, will the connection be disallowed as desired? If it is the same, I do suggest rebuilding this device instead, since even the AirWatch unenroll of the device did not remove the certificate as expected.
0
 
SeeDk (Author) Commented:
It is the same. Fortunately, the user will be getting a new phone soon so we will just wipe the device after that if no other solution is found.
0