This is a development instance of xesite. Things here are probably unfinished or in drafting. Don't take anything here super seriously. If you want to share this to an online aggregator, please don't. Drafts are not finalized yet for a reason. Please don't be the reason I need to implement more advanced security than just obscurity.

iOS Development Pro Tip for Private CA Usage

Read time in minutes: 1

In iOS, in order to get HTTPS working with certs from a private CA; there's another step you need to do if your users are on iOS 10.3 or newer (statistically: yes this matters to you). In order to do this:

  • Ensure they have installed the profile on their device
  • Open Settings
  • Select General
  • Select Profiles
  • Ensure your root CA name is visible in the profile list like this:

  • Go up a level to General
  • Select About
  • Select Certificate Trust Settings
  • Each root that has been installed via a profile will be listed below the heading Enable Full Trust For Root Certificates
  • Users can toggle on/off trust for each root:

Please understand that by doing this, users will potentially be vulnerable to a HTTPS man in the middle attack a-la Superfish. Please ensure that you have appropriate measures in place to keep the signing key for the CA safe.

I hope this helps.

This article was posted on M03 22 2019. Facts and circumstances may have changed since publication. Please contact me before jumping to conclusions if something seems wrong or unclear.

This post was not WebMentioned yet. You could be the first!

The art for Mara was drawn by Selicre.

The art for Cadey was drawn by ArtZora Studios.

Some of the art for Aoi was drawn by @Sandra_Thomas01.