I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate".
I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work.
Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work?
UPDATE
I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just worked. I was not able to get it to work using a self-signed certificate for some reason. I need to re-attempt this using the provisioning software.
My real question is how do I get this to work on the simulator? I would think that the simulator uses the keychain of the actual computer.
Just for Info, if someone still runs into that problem:
simply drag & drop your .cer Files into your running Simulator window. You'll see Safari flashing and then the import dialog for your Certificate (or Certificate Authority)...
Working for iOS 7 Simulator (and i Think did work for iOS 6 too).
For those who find that the dragging and dropping of the certificate on the Simulator isn't working, there was a recent change that adds an extra step.
The Simulator must be explicitly told to trust the root CA. Do this by going to:
General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate
See the full answer here:
Take a look at the shell script Charles uses to install their self signed cert into the simulator's keychain. http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/
See also:
- iPhone TrustStore CA certificates
- http://redgreenrefactor.eu/blog/testing-https-on-iphone-simulator/
It looks like installing your own certificate in the simulator may require installing it on a device via Safari and then copying the resulting row from the device's TrustStore.sqlite3
into the simulator's.
I had this same issue for months and today I FINALLY solved it with:
ADVTrustStore
You are going to want to use a project called ADVTrustStore from github. It does some fancy magic but it will correctly install certificates into your root trust-store on the simulator.
Steps to install a custom cert
# Clone the repo
git clone https://github.com/ADVTOOLS/ADVTrustStore.git
# Enter the repo directory
cd ADVTrustStore/
# Copy your .crt file
cp somewhere/something.crt my.crt
# conver to a .pem file
openssl x509 -in my.crt -out my.pem -outform PEM
# Install the pem in the simulators
./iosCertTrustManager.py -a my.pem
Using this process I was able to get GoogleStreetView images to render correctly while behind a corporate firewall using SSL resigning with self-signed certificates
Background
I was using CharlesProxy and i noticed it was correctly installing certificates into the Simulator but they did not show up in the Settings - Profiles section. Then after some searching I discovered this tool. There are probably a few other tools out there but in my case the drag-and-drop never worked correctly for all cases. Safari would be fine but not my applications.
Using iPhone Backup Extractor, I copied my iPhone's TrustStore.sqlite3
into ~/Library/Application Support/iPhone Simulator/6.0/Library/Keychains
, overwriting the existing file. I tried to only insert a single row with the following sqlite, but I couldn't get it working.
sqlite3 ~/backup/iOS\ Files/TrustStore.sqlite3
sqlite3>.mode insert
sqlite3>.output working.sql
sqlite3>select * from tsettings;
sqlite3>.quit
Now, working.sql
has the entire contents of the tsettings table (in my case, 1 row).
sqlite3 ~/Library/Application\ Support/iPhone\ Simulator/6.0/Library/Keychains/TrustStore.sqlite3
sqlite3>INSERT INTO tsettings VALUES(X'...
sqlite3>.quit
Again, the above sqlite commands didn't work for me, but might be a good starting point for someone else. Copying the entire TrustStore.sqlite3
from the backup into the simulator worked just fine.
Take a look at the iostrust
Ruby gem: http://github.com/yageek/iostrust