Secure DNS profile creator version 1.7.0

For iOS 14 or later and macOS 11 (Big Sur) or later

About Tool Finalize Source Code Legal Encrypted DNS Party




What does signing mean?

A profile can be signed to prevent them from being tampered with after creation. Also, when installing the profiles on a device, it will be marked as "Verified" and install without warning about profile signatures.

How does this work?

This website uses OpenSSL on the server to sign the created profile using S/MIME. The certificates used are saved on the server and issued by Let's Encrypt. The exact backend code can be found on Codeberg.

What happens when the certificate expires?

Let's Encrypt certificates are valid 90 days from the day of issue. When attempting to install a profile with an expired certificate, iOS/macOS will treat it the same as an unsigned profile. A profile that is already installed when the certificate expires will stay installed, but change status from "Verified" to "Unverified".
For further details, please see this issue.


What is the system scope?

The profile can be marked to use "system" as a scope. The exact effects of this depend on each single application.

Please see this GitHub issue for further information and discussion on the subject.