User profile for user: keeema
keeema Author
User level: Level 1
11 points

How to Add a Self-Signed Certificate(not verified by third party) to iOS and mark it as Trusted?

Hello,

Within a local network, I need to access a local server over HTTPS which is not public and uses a self-signed certificate generated by openssl.


I need to install this certificate on iOS and mark it as trusted. Unfortunately, the procedure described on Trust manually installed certificate profiles in iOS, iPadOS, and visionOS - Apple Support cannot be used because the certificate does not appear in the "Enable full trust for root certificates" section after installation.


I tried installing the certificate by sharing it via AirDrop and by installing the certificate through a profile in the Apple Configuration tool.

In both cases, the certificate is installed but cannot be marked as trusted in the "Enable full trust for root certificates" section.


On macOS, I was able to install the certificate and mark it as trusted without any issues, and everything works as it should.


How can I achieve the same on iOS?



iPhone 15 Pro

Posted on May 27, 2024 5:49 AM

Reply
4 replies
User profile for user: SravanKrA
SravanKrA
Community+ 2024
User level: Level 10
411,746 points

May 27, 2024 6:10 AM in response to keeema

AirDropping the certificate itself might not work as expected. While it was a possible method in older iOS versions,current versions often don't recognize the raw certificate file and don't trigger the installation process.


AirDrop is designed for transferring standard file formats like images, videos, and documents. It might not recognize the certificate file format (usually .pem) as something to install.


Imp: Self-signed certificates bypass the usual security checks. Trusting them weakens security and should only be done on a closed, trusted network.


Here's how you can do this:

Installing the Certificate:

  1. Web Server Download: If possible, host the self-signed certificate on your local server. Access the server using Safari on your iOS device. The server should prompt you to download and install the certificate profile.
  2. Email Attachment: Alternatively, email the certificate file (usually in .pem format) to yourself. Open the email on your iOS device and tap on the attachment. This should initiate the certificate installation process.


Reply
User profile for user: keeema
keeema Author
User level: Level 1
11 points

May 27, 2024 6:28 AM in response to SravanKrA

Thank you for the response. Perhaps I did not express myself clearly.


I can install the .crt certificate on iOS. I did it via AirDrop, from Files, from Mail, and through the Apple Configurator tool, and in all cases, it gets installed. I can see it in the VPN & Device Management section.


The problem is that I cannot mark it as trusted in Settings > General > About > Certificate Trust Settings > Enable full trust for root certificates, and subsequently, I cannot access the server in Safari.


Reply
User profile for user: keeema
keeema Author
User level: Level 1
11 points

May 27, 2024 6:47 AM in response to Rkkeller8

I'm not sure what you're referring to now.


As I mentioned, I was able to install the certificate. Among other methods, I installed it through Files, which you mentioned. In all cases, I was successful.

My problem is not the installation itself, but that iOS does not allow me to "Enable full trust for root certificates".


Reply

How to Add a Self-Signed Certificate(not verified by third party) to iOS and mark it as Trusted?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up