Hello,
I have my own SHA256 certificate which I use for signing the certificates which are used on my own servers (HTTPS and SMTPS). Under iOS 10 and earlier I installed the certificate by downloading it and it installing it like you would do a normal mobile configuration profile and it appeared under Settings, General, Profiles. Under the iOS 11 GM the certificate downloads and installs in the same manner as before but with the additional security of iOS 11 (and newly installed certificates under iOS 10.3.3 IIRC) you need to switch on the trust of newly installed root CAs in Settings, General, About, Certificate Trust Settings. However, my own root CA is not appearing in the list there. Others which were installed as part of managed wifi profiles are in that list but not my own one. My best guess is that because my certificate is "untrusted" it doesn't appear but as the certificates for the managed wifi profiles were introduced as part of a properly signed mobileconfig profile they do appear. Seems a little chicken and egg to me. Has anyone else tried installing their own root CAs? If so did you get it working?
Yes, I know I *could* get a certificate signed by Let's Encrypt or similar but I'd like to get my own CA working again.
Thanks, Alec
I have my own SHA256 certificate which I use for signing the certificates which are used on my own servers (HTTPS and SMTPS). Under iOS 10 and earlier I installed the certificate by downloading it and it installing it like you would do a normal mobile configuration profile and it appeared under Settings, General, Profiles. Under the iOS 11 GM the certificate downloads and installs in the same manner as before but with the additional security of iOS 11 (and newly installed certificates under iOS 10.3.3 IIRC) you need to switch on the trust of newly installed root CAs in Settings, General, About, Certificate Trust Settings. However, my own root CA is not appearing in the list there. Others which were installed as part of managed wifi profiles are in that list but not my own one. My best guess is that because my certificate is "untrusted" it doesn't appear but as the certificates for the managed wifi profiles were introduced as part of a properly signed mobileconfig profile they do appear. Seems a little chicken and egg to me. Has anyone else tried installing their own root CAs? If so did you get it working?
Yes, I know I *could* get a certificate signed by Let's Encrypt or similar but I'd like to get my own CA working again.
Thanks, Alec
