iOS – How to trust a self-signed certificate in iOS 10.3

ios, keychain, security

With iOS 10.3, Apple changed the mechanism for trusting a self-signed certificate. Before, you would simply send the PEM file to your phone, and it would install as a profile and the certificate would be trusted. That's no longer the case: even after installing the certificate, the cert is not trusted.

Even when I use Apple Configurator to make a profile that trusts my cert, it still doesn't behave as trusted on the system.

How do I trust a self-signed certificate in iOS 10.3?

Best Answer

I've identified that the specific parameter that Apple looks for when allowing you to manually trust a certificate is the CA Basic Constraint (e.g. `critical,CA:true`). If the certificate has this extension, the system will allow you to manually trust the certificate.

However, the process has one extra step (as opposed to iOS 9.3):

  1. Export the certificate in PEM format.
  2. Send the certificate to the device (Safari, Email, AirDrop, etc.) and open it.
  3. A message will appear telling you the profile has been downloaded.
  4. Open the Settings app and tap the "Profile Downloaded" item below your Apple ID row.
  5. Install the certificate. You will have to provide your device's passcode.
  6. Navigate to Settings -> General -> About -> Certificate Trust Settings.
  7. Enable full trust for your certificate.
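
A check for the condition the answer identifies, run before the PEM file is sent to the device. This is an added example, not part of the original answer. The function names, the `dev.example.test` subject and the two throwaway certificates are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: confirm a PEM certificate carries the CA basic constraint
# that the answer says iOS requires before it offers the manual trust toggle.

# has_ca_constraint CERT.pem -> exit status 0 if basicConstraints has CA:TRUE
has_ca_constraint() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'X509v3 Basic Constraints' \
        | grep -q 'CA:TRUE'
}

# make_test_cert OUT.pem SECTION -> constructed self-signed sample certificate.
# SECTION is ca_ext (CA:TRUE) or leaf_ext (CA:FALSE); the key is discarded.
make_test_cert() {
    local out=$1 section=$2 dir
    dir=$(mktemp -d)
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = dev.example.test
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" -extensions "$section" \
        -keyout "$dir/key.pem" -out "$out" 2>/dev/null
    rm -rf "$dir"
}

# Demo on the two constructed certificates
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/ca.pem" ca_ext
make_test_cert "$demo_dir/leaf.pem" leaf_ext
for cert in "$demo_dir/ca.pem" "$demo_dir/leaf.pem"; do
    if has_ca_constraint "$cert"; then
        echo "$(basename "$cert"): CA:TRUE present"
    else
        echo "$(basename "$cert"): CA:TRUE missing, regenerate with basicConstraints=critical,CA:TRUE"
    fi
done
rm -rf "$demo_dir"
```
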