简体繁体 English

如何在iOS 10中安装自签名证书

[英]How to install self signed certificate in iOS 10

原文 2017-02-25 11:20:29 9 2 ios/ ssl-certificate/ self-signed

It appears that Apple has removed the ability to trust SSL certificates that are self-signed in iOS 10. Apple似乎已经删除了信任在iOS 10中自签名的SSL证书的功能。

I created my own self-signed certificate and have a local web server that signed with my certificate. 我创建了自己的自签名证书，并拥有一个使用我的证书签名的本地Web服务器。 I must install my certificate in iOS for testing locally as I have developed an iOS application that needs to trust my certificate. 我必须在iOS上安装我的证书才能在本地进行测试，因为我开发了一个需要信任我的证书的iOS应用程序。

How can I install my self-signed certificate? 如何安装自签名证书？

2 个解决方案

Good news, they haven't. 好消息，他们没有。 If you just need this for development purposes, which it sounds like you do (and you shouldn't be using self-signed certificates in production anyway), you can install the self-signed certificate on your iOS devices manually. 如果你只是需要这个用于开发目的，听起来就像你那样（并且你不应该在生产中使用自签名证书），你可以手动在iOS设备上安装自签名证书。 Following the equivalent FAQ for my iOS Web Bluetooth browser app: 遵循我的iOS Web蓝牙浏览器应用程序的等效常见问题：

Create your self-signed certificate and key files using openssl or however. 但是，使用openssl创建自签名证书和密钥文件。 Be sure it has the correct /CN “Common Name” for your local server, eg mycomputer.local . 确保它具有本地服务器的正确/CN “Common Name” ，例如mycomputer.local 。
Configure your webserver to use it (obviously) and check that it is working using a different client, such as a browser on a Mac. 配置您的网络服务器（显然）使用它并检查它是否正在使用其他客户端，例如Mac上的浏览器。
Email your certificate to an email address you can access on your iOS device. 将证书通过电子邮件发送到您可以在iOS设备上访问的电子邮件地址。
Tap on the attachment in Mail on your iOS device, this should now prompt you to install it. 点击iOS设备上Mail中的附件，现在应该提示您安装它。 Do so. 这样做。
You should now verify that it is installed by going to the Settings app then General -> Profile -> <Common Name> . 您现在应该通过转到设置应用程序然后General -> Profile -> <Common Name>来验证它是否已安装。 The Profile menu probably won't be there at all until you've installed the first certificate. 在安装第一个证书之前，“配置文件”菜单可能根本不存在。 The certificate should be marked Verified (it was verified by you when you installed it). 证书应标记为已验证（安装时已经过验证）。
You might, like I did, have thought this would be enough. 你可能像我一样，认为这就足够了。 It isn't. 事实并非如此。 You now, really counter-intuitively, need to go to the setting General -> About -> Certificate Trust Settings and enable full trust for your certificate there as well. 您现在真的反直觉地需要转到设置常规 - >关于 - >证书信任设置，并在那里启用对您的证书的完全信任。 It's such a weird place for that setting to be. 对于那种环境来说，这是一个奇怪的地方。

The installation of own root certificates changed at some point (maybe somebody can confirm, if it was at iOS 11). 自己的根证书的安装在某些时候发生了变化（也许有人可以确认，如果是在iOS 11）。

What you need to do is with your Mac, get Apple Configurator 2 and create a profile containing your certificate. 您需要做的是使用Mac，获取Apple Configurator 2并创建包含证书的配置文件。 The resulting mobile profile file can be installed from Safari or email. 生成的移动配置文件可以从Safari或电子邮件安装。