How to install self signed CA root certificate on iOS 13 simulators

My test HTTP server uses a certificate signed by my self signed CA certificate.


In order for my iOS device to connect to this server I need to install my CA's root certificate. I've been using recommendations here, https://developer.apple.com/library/archive/qa/qa1948/_index.html, to successfully install the CA root certificates on iOS devices and simulators for several years.


However with iOS 13, I don't seem to be able to install the CA certificate on iOS simulators any more. Still works on iOS 13 devices. When I drag my CA's .cer file onto an iOS simulator Safari opens an appears to start to load the file. However, the Settings app does not get opened and if I open the Settings app I no longer see my certificate listed under General / Profiles.


Is this a bug? Has the procedure for installing certificates to a simulator changed? Is anyone else running this issue?


Thanks.

Replies

I'm having the same issue. I can install the certs on older iOS Simulators but on iOS13 Simulators nothing happens when dragging the cert to the device.


Has anybody found a way to make this work or has Apple acknowledged they know of this problem?

I am still consistently seeing this issue when I try to drag and drop a .cer file onto my simulators per the instructions in https://developer.apple.com/library/archive/qa/qa1948/_index.html. However, if I put my .cer file on a webserver an navigate to it using safari in the simulator, the profile installation process happens as expected.


The drag and drop method tries to open the .cer file using the file:// scheme. The iOS 13 release notes do not specifically mention that loading a .cer file using the file:// scheme has been dropped, but they do mention changes to what file:// urls can do.


https://developer.apple.com/documentation/ios_ipados_release_notes/ios_13_release_notes?preferredLanguage=occ


"Removed support for FTP and File URL schemes for Proxy Automatic Configuration (PAC). HTTP and HTTPS are the only supported URL schemes for PAC. This affects all PAC configurations including, but not limited to, configurations set using Settings, System Preferences, Profiles, and

NSURLSession
APIs such as
connectionProxyDictionary
and
CFNetworkExecuteProxyAutoConfigurationURL
. (28578280)"


PAC isn't directly related to ca certs but perhaps this bug was introduced with those changes.

I'm assuming that you are using xcode simulator on Catalina.

This is due new security feature with Catalina.

You have to grand permissions xcode simultor to reach 3 D user folders (Desktop, Documents and Downloads) however it is not possible yet. So best way to workaround this, place your files in to /User/Shared or any other folder then 3 D user folders and drag&drop on to iOS Simulator.

I've tested myself which works as exppected if files are not located on 3 D User folders.

Awesome, thanks! Apple really should add this information to https://developer.apple.com/library/archive/qa/qa1948/_index.html


Cheers!

Wonderful! I agree this should be added to the documentation link

Hi,

this is How we managed to go around this issue:
  • Have your certificate(s) available through a web link for download

  • Copy/paste link in Safari on the Simulator

  • The Certs will be copied/downloaded to the Simulator (Allow your Certs.)

  • On the the Simulator, go to General -> About -> Certificate Trust Settings -> “Enable Full Trust for Root Certificate” for your particular certificate

You need to repeat this for EVERY certificate needed.

Thanks to Nish Abe for part of this fix!



Hope this helps
@NicVerret, thanks for sharing this, are you able to also share how you configure to "Have your certificate(s) available through a web link for download"? Such as what technology you used to set it up, is it a static content serving web server? Thanks
  • put your certs to any remove file store, i put them to my google drive
  • share this folder via shared link
  • open safari on the simulator and open this shared link
  • download cert from the cloud store and safari will ask u to install profile
  • allow this installation
  • open settings on the simulator and go to the General section
  • select a device management option
  • install your previously downloaded cert
  • go back to the General and open About -> Cert trust settings
  • toggle your previously installed cert

that's all