Strange Certificate Warning

This morning I received the following alert on my iPhone (and yes, I do have 708 unread emails).

While the alert complained about the identity of "prc.apple.com", when I clicked on "Details", it referred to "instant.arubanetworks.com". Was the prc.apple.com certificate signed by arubanetworks?

I clicked on "More Details", and the following Subject Name and Issuer Name information popped up.

Scrolling down, I see the details of the signing algorithm: SHA-1.

Given that SHA-1 has been compromised ("Announcing the first SHA1 collision"), an untrusted certificate alert from a SHA-1 certificate had me concerned.

In the end, as is too often the case in security, I was left with lots of questions.

  • Was there a verification problem with the "prc.apple.com" certificate or "instant.arubanetworks.com" certificate?
  • Was the prc.apple.com certificate faked and signed with a bad instant.arubanetworks.com certificate?
  • Was there a man-in-the-middle attack?
  • Was Apple's software just buggy and in reality everything was fine?
  • Was there a problem, but Apple's alert identified the wrong certificate that was having problems?
  • What the heck, Aruba? You are all about the IoT and you use SHA-1? Don't we already have enough troubles with IoT?