Unsigned Freedome profile in iOS 8

Highlighted
F-Secure

Unsigned Freedome profile in iOS 8

As many of you have noticed, the new Freedome VPN profile on iOS 8 shows up as unsigned.

 

In the past, VPN profile files were downloaded from our servers. Starting from Freedome 2.0, iOS VPN profiles are set up by our Freedome app. Profiles configured by apps cannot be signed, since they are configured directly instead of being downloadable files, and that naturally applies also to this profile.

 

We decided to move to application-configured profiles to achieve better usability. With this approach the user can turn the Freedome VPN on and off through Freedome's own user interface. It is no longer necessary to go to the iOS settings to turn our product on and off.

 

The unsigned profile doesn't weaken the security of our product; it is configured directly by the signed application itself, and the connection is still as strongly protected as it has always been.

 

Our profile originally contained a client certificate signed by our initial "Demo Client CA". The CA name has now been changed to "Freedome Clients", which should reduce confusion. The new CA shows up in new VPN profiles installed after 2014-09-24.

--
Tapio Keihänen
F-Secure Freedome Service Manager