已安装 iOS8 自签名证书但仍不受信任 [英] iOS8 Self-Signed Certificates installed but still not trusted

问题描述

由于我无法控制的原因，我需要针对使用自签名证书的平台进行 iOS 开发.它是一个根证书，在其 SAN 中具有特定的 IP 地址.

For reasons out of my control, I need to do iOS development against a platform using a self-signed certificate. It's a root certificate that has a specific IP address in its SAN.

当证书在系统帐户下安装在 OSX 中时，所有浏览器现在都会信任对给定 IP 地址的任何访问.

When the certificate is installed in OSX under system account, all the browsers will now trust any visit to the given IP address normally.

将相同的证书通过电子邮件发送到 iOS8 设备，并完成安装和信任步骤，现在会在已安装的配置文件下列出证书.

Emailing that same certificate to an iOS8 device, and going through the install and trust steps now lists the certificate under installed profiles.

但是，在设备上，访问该IP地址仍然给出不可信警告.这包括 Safari 或 UIWebView 中的任何请求.

However, on the device, visits to the IP address still give the untrusted warning. This includes any requests in Safari, or an UIWebView.

如果证书已安装并且是一个好的证书(在 OSX 中有效)，为什么它不能在设备上运行?

If the certificate is installed and is a good certificate (works in OSX), why might it not work on device?

推荐答案

我认为这适用于 iOS 8 设备，但肯定适用于 iOS 10.

I think this applies to iOS 8 devices, but certainly to iOS 10.

除了从电子邮件安装它以显示在配置文件中之外，您还需要转到设置"中非常奇怪的隐藏常规->关于->证书信任设置"设置和为 root 启用完全信任"证书"为您新安装的证书.然后，所有在您设备上使用应用的 webkit 都应该信任该证书，而无需新的提示.

As well as installing it from the email so it shows up in the profile, you also need to go to the very oddly hidden "General->About->Certificate Trust Settings" setting in Settings and "Enable full trust for root certificates" for your newly installed certificate. Then all webkit using apps on your device should trust that certificate with no new prompting.

很奇怪吧.

这篇关于已安装 iOS8 自签名证书但仍不受信任的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！