All the HTTP clients allow access to HTTPS web services with self-signed certs, by letting the user explicitly add and confirm trust in the unverified certificate. I would like to implement something similar in my app.
This concerns a Home Automation app, connecting to IoT devices/accessories for bathrooms and kitchens on the local network. We would like to use secure connections. The situation:
- The devices do not have SSL certs from a trusted authority, as each device needs to have its own certificate. We do have a private CA that issues the device certificates along with an intermediate certificate. How do we install and trust certificates from a private CA?
What I would like is for our app to ask the user if it should trust the certificate on the device. It should ask this only once, when connecting to that device for the first time, then store the certificate and on each subsequent session verify the cert to prevent man-in-the-middle attackers using a substitute certificate.
We have a Root CA certificate and an Intermediate Certificate that need to be trusted. Every time I install these certificates on my iPhones I cannot see them in About > Certificate Trust Settings, but I can see them in Profiles in the iOS settings, where it shows the profile as unverified.
UPDATE: I now have the Company Root CA Certificate installed, as well as the Company Issuing CA and Company Intermediate CA certificates, and all are shown as verified. I have trusted the Company Root CA in Certificate Trust Settings. But our iOS app is still not able to communicate with the devices using SSL, getting the error:
"An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9802, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?
What am I missing now?
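
The ask-once, store, then verify-on-every-session flow described in the question, sketched as a `URLSessionDelegate`. This is an added example, not part of the original post: it pins a SHA-256 fingerprint of the device's leaf certificate instead of storing the whole certificate, and the `confirm` hook, the `tofu-pin.` key prefix and the use of `UserDefaults` as the pin store are assumptions (it also assumes iOS 15 or later for `SecTrustCopyCertificateChain`).

```swift
import Foundation
import Security
import CryptoKit

/// Trust-on-first-use pinning for one URLSession (added example).
/// `confirm` is a hypothetical hook: show host and fingerprint to the user,
/// then report the decision. Pins are kept in UserDefaults (assumption).
final class TOFUPinningDelegate: NSObject, URLSessionDelegate {
    typealias Confirm = (_ host: String, _ fingerprint: String,
                         _ decision: @escaping (Bool) -> Void) -> Void
    private let confirm: Confirm
    private let store = UserDefaults.standard

    init(confirm: @escaping Confirm) { self.confirm = confirm }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust else {
            completionHandler(.performDefaultHandling, nil)  // not a TLS server check
            return
        }
        guard let trust = space.serverTrust,
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else {
            completionHandler(.cancelAuthenticationChallenge, nil)  // nothing to pin
            return
        }
        // SHA-256 over the DER encoding of the leaf certificate.
        let der = SecCertificateCopyData(leaf) as Data
        let fingerprint = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
        let key = "tofu-pin.\(space.host):\(space.port)"  // hypothetical key format

        if let pinned = store.string(forKey: key) {
            // Known device: accept only the exact certificate pinned earlier.
            let ok = (pinned == fingerprint)
            completionHandler(ok ? .useCredential : .cancelAuthenticationChallenge,
                              ok ? URLCredential(trust: trust) : nil)
            return
        }
        // First contact: pin only after the user explicitly confirms.
        confirm(space.host, fingerprint) { [store] accepted in
            if accepted { store.set(fingerprint, forKey: key) }
            completionHandler(accepted ? .useCredential : .cancelAuthenticationChallenge,
                              accepted ? URLCredential(trust: trust) : nil)
        }
    }
}
```

A mismatch against a stored pin cancels the connection instead of prompting again, so a substituted certificate is never silently accepted; a device whose certificate is legitimately reissued needs its pin cleared and re-confirmed.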