Adding a self-signed certificate to iphone Simulator?

Question

I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate".

I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work.

Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work?

UPDATE

I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just worked. I was not able to get it to work using a self-signed certificate for some reason. I need to re-attempt this using the provisioning software.

My real question is how do I get this to work on the simulator? I would think that the simulator uses the keychain of the actual computer.

Answer 1

Just for Info, if someone still runs into that problem:

simply drag & drop your .cer Files into your running Simulator window. You'll see Safari flashing and then the import dialog for your Certificate (or Certificate Authority)...

Working for iOS 7 Simulator (and i Think did work for iOS 6 too).

Answer 2

For those who find that the dragging and dropping of the certificate on the Simulator isn't working, there was a recent change that adds an extra step.

The Simulator must be explicitly told to trust the root CA. Do this by going to:

General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

See the full answer here:

Answer 3

I had this same issue for months and today I FINALLY solved it with:

ADVTrustStore

You are going to want to use a project called ADVTrustStore from github. It does some fancy magic but it will correctly install certificates into your root trust-store on the simulator.

Steps to install a custom cert

# Clone the repo
git clone https://github.com/ADVTOOLS/ADVTrustStore.git

# Enter the repo directory
cd ADVTrustStore/

# Copy your .crt file 
cp somewhere/something.crt my.crt

# conver to a .pem file
openssl x509 -in my.crt -out my.pem -outform PEM

# Install the pem in the simulators
./iosCertTrustManager.py -a my.pem

Using this process I was able to get GoogleStreetView images to render correctly while behind a corporate firewall using SSL resigning with self-signed certificates

Background

I was using CharlesProxy and i noticed it was correctly installing certificates into the Simulator but they did not show up in the Settings - Profiles section. Then after some searching I discovered this tool. There are probably a few other tools out there but in my case the drag-and-drop never worked correctly for all cases. Safari would be fine but not my applications.

Answer 4

Take a look at the shell script Charles uses to install their self signed cert into the simulator's keychain. http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/

See also:

• iPhone TrustStore CA certificates
• http://redgreenrefactor.eu/blog/testing-https-on-iphone-simulator/

It looks like installing your own certificate in the simulator may require installing it on a device via Safari and then copying the resulting row from the device's TrustStore.sqlite3 into the simulator's.

Answer 5

Using iPhone Backup Extractor, I copied my iPhone's TrustStore.sqlite3 into ~/Library/Application Support/iPhone Simulator/6.0/Library/Keychains, overwriting the existing file. I tried to only insert a single row with the following sqlite, but I couldn't get it working.

sqlite3 ~/backup/iOS\ Files/TrustStore.sqlite3
sqlite3>.mode insert
sqlite3>.output working.sql
sqlite3>select * from tsettings;
sqlite3>.quit

Now, working.sql has the entire contents of the tsettings table (in my case, 1 row).

sqlite3 ~/Library/Application\ Support/iPhone\ Simulator/6.0/Library/Keychains/TrustStore.sqlite3
sqlite3>INSERT INTO tsettings VALUES(X'...
sqlite3>.quit

Again, the above sqlite commands didn't work for me, but might be a good starting point for someone else. Copying the entire TrustStore.sqlite3 from the backup into the simulator worked just fine.

Answer 6

Take a look at the iostrust Ruby gem: http://github.com/yageek/iostrust