One potential "solution" might be to create the CA, sign the server certificate and then delete the CA key, as it would not be needed and would live for a shorter time (lower chance to get stolen). Why did I do it - I just need to install the single certificate and I don't want to totally compromise my iPhone security, if my CA credentials got stolen.ĭo this have a solution? iOS probably requires a CA to trust a certificate, but I don't want a possibility to create certificates at all (beside the one), or at least for another domains. That's the reason it does not show in the CA Trust settings. BUT I deliberately made the certificate with critical,CA:false constraint. Normally, you would go to CA Trust settings and enable full trust for the certificate. When I install the profile (that's what they call the certificate), it says "Not verified". However, I cannot just install the self-signed server certificate on my iPhone. I have a server and I want my iPhone to connect to it securely.
0 kommentar(er)
