0

iOS profile expired

Hey there, I've been using the nextdns iOS profiles for a few months now. But my wife was complaining about her phone having issues connecting to the internet at random times. So I took a look at the installed profile to see if anything was wrong. Turns out the nextdns.io certificate had expired a few weeks ago.

Shouldn't these certificates auto-renew or have a time-stamp that's years? I uninstalled the profile and reinstalled it and now the certificate is good until March, but this seems like a temporary fix. Any solutions/ideas? 

6replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Each profile is signed with a certificate that expires at some point, and there is no process to update this, so every signed .mobileconfig will have a signature that expires.

    As far as we know, there is no way around it, and it shouldn't have any effect at all (aside from showing as unsigned after a few months). Security wise, the signature matters on install only, as the it's impossible to modify a profile after installation.

    Like 1
  • That's interesting.   I just looked at mine and it too was expired.   However, I wasn't having any issues with it.

    I went through the process of creating a new configuration. Removed the old and installed the new. The new shows nextdns.io certificate will expire March 30, 2021.

    My previous one expired Jan 28, 2021, but like I said it didn't seem to create any issues.

    Like
      • fremdawg
      • fremdawg
      • 11 mths ago
      • Reported - view

      Calvin Hobbes yeah, that's exactly what mine showed as well. It might not have been the issue, we'll see. But it still seems odd that it expired. 

      Like
      • Leonard
      • Leonard
      • 11 mths ago
      • Reported - view

      fremdawg Even if you create your own mobileconfig  ( e.g. to use your own DOH or other company's  DOH ) without any certificate , it's work well too.  

      Like
      • fremdawg
      • fremdawg
      • 11 mths ago
      • Reported - view

      Leonard I don't follow what you mean by "it's work well too". Are you saying that if you create your own profile, or use your work profile it works well too? If that's the case, I don't see how that relates to my issue I'm raising about the profile expiring. 

      What I'm trying to solve is making sure my wife's iPhone works seamlessly with the nextdns profile, so when she's on wifi/cell it just works. So I'm trying to understand if the profile being expired was the reason for it not working proprerly. She hasn't raised as many complaints to me since this fix, so I'm kinda wondering if this is the issue. 

      Like
      • Leonard
      • Leonard
      • 11 mths ago
      • Reported - view

      fremdawg 
      "Are you saying that if you create your own profile, or use your work profile it works well too? "

      --> Yes, the  certificate is valid  or not would not have the impact on the iOS profile working.

      Since NextDNS has announced that they would introduce  ultra latency mode for the user in the early this year. They had made several  changes to make ultra latency mode work and and still improve it working better. I found NextDNS service sometimes work not stable during that times. For me, it work stable now.
      They asked user to  regenerate/reinstall the profile to enjoy Ultra Low Latency mode, please refer to here.  I am not sure that using old profile would it possible to make connection unstable under Ultra Low Latency mode?  Since you had used the new profile,  it seems to work well. Then we could wait for the  certificate expired to see if it would affect the profile working or not.

      Like
Like Follow
  • 11 mths agoLast active
  • 6Replies
  • 139Views
  • 4 Following