问题:

I've got several hundred users on this enterprise app. I've got 2 which are throwing a NSURLErrorServerCertificateUntrusted and won't talk to the server. I've checked the server and the cert is valid, but that didn't surprise me because this issue only impacts these 2 users.

• I've had them check date/time on their iPads and they are set correctly and automatically.
• I've had them connect try through both cell network and a local WiFi hotspots. It seems unlikely these two users are always being targeted by a man in the middle attack.

This Question never got an answer and Apple's TN2232 document on Trust offered some common issues, but hasn't gotten me to a resolution yet since mostly these things would impact all users, not just a couple.

• missing issuer certificate — For any given certificate (except the trusted anchor), the system must be able to locate the certificate of the issuer.
• date problems — For any given certificate, the verify date must be within the certificate's valid date range.
• self-signed certificate — For any given certificate, if the certificate is self-signed, it will cause evaluation to fail (unless it's a trusted anchor). no trusted anchor — The system must be able to follow the path of issuer certificates leading to a trusted anchor.
• DNS name mismatch — The DNS name that you're trying to connect to must match the name in the server certificate, as described in the previous section.

Any ideas on what is causing this and how to resolve it? Yes, I could just bypass the security and trust my domain, but that's not really an option I'm willing to entertain.