Strange Certificate Warning

This morning I received the following alert on my iPhone (and yes, I do have 708 unread emails)

While the alert complained about the identity of "", when I clicked on "Details", it referred to "". Was the certificate signed by arubanetworks?

I clicked on "More Details", and the following Subject Name and Issuer Name information popped up.

Scrolling down, I see the details of the signing algorithm: SHA-1.

Given that SHA-1 has been compromised (Announcing the first SHA1 collision), an untrusted certificate alert from a SHA-1 certificate had me concerned.

In the end, as is too often the case in security, I was left with lots of questions.

  • Was there a verification problem with the "" certificate or "" certificate?
  • Was the certificate faked and signed with a bad certificate?
  • Was there a man-in-the-middle attack?
  • Was Apple's software just buggy and in reality everything was fine?
  • Was there a problem, but Apple's alert identified the wrong certificate that was having problems?
  • What the heck Aruba? You are all about the IoT and you use SHA-1? Don't we already have enough troubles with IoT?