iOS Development Pro Tip for Private CA Usage
Published on 03/22/2019, 190 words, 1 minutes to read
In iOS, in order to get HTTPS working with certs from a private CA; there's another step you need to do if your users are on iOS 10.3 or newer (statistically: yes this matters to you). In order to do this:
- Ensure they have installed the profile on their device
- Open Settings
- Select General
- Select Profiles
- Ensure your root CA name is visible in the profile list like this:
- Go up a level to General
- Select About
- Select Certificate Trust Settings
- Each root that has been installed via a profile will be listed below the heading Enable Full Trust For Root Certificates
- Users can toggle on/off trust for each root:
Please understand that by doing this, users will potentially be vulnerable to a HTTPS man in the middle attack a-la Superfish. Please ensure that you have appropriate measures in place to keep the signing key for the CA safe.
I hope this helps.
Facts and circumstances may have changed since publication. Please contact me before jumping to conclusions if something seems wrong or unclear.