How to Import the ZT Root Certificate to an iOS device

Recording iOS device (e.g., iPhone and iPad) sessions require that you have installed your self-generated CA root certificate on these devices. This is a quick review of the steps to get this on your iPhone or iPad.

Transferring the Certificate

The first step is getting the CA root certificate on the device. You can e-mail your CA root certificate to an Apple iOS device or put it on any Web server and address its URL directly in Safari. You can even use an application that syncs to each device (e.g., Evernote/Dropbox, etc.) and save that certificate to your iPhone/iPad Files folder.

After clicking on the certificate in the e-mail, entering the URL in Safari, or clicking on the certificate in your iPhone/iPad, your CA root certificate can be imported:

iPad

Step

ScreenShot

Step

ScreenShot

Install Profile

After you click on your certificate file, there will be a new Profile downloaded.

  1. Under Settings--> General, the “Profile Downloaded” will open a dialog to install the certificate.

  2. Click Install

You also can remove the Downloaded Profile if this was either mistakenly downloaded or a no longer needed Profile.

Enter Passcode

  1. Enter your passcode to Continue

  2. Do not enter your Apple ID password.

iOS Warning

  1. iOS will warn you that this certificate has no trust or a trusted Root CA

  2. Since this is self-generated, you can install this certificate

  3. iOS will ask for final confirmation before doing the install

Profile Installed

  1. Once completed, the Certificate will read now as Verified.

  2. Click More Details to check.

ZebraTester Root CA Sample Cert

All the details originally provided at certificate creation should be listed here.

Settings

You can find the Configuration Profiles underneath the SettingsGeneralProfiles menus.

 


iPhone

Step

ScreenShot

Step

ScreenShot

Settings: Profile Downloaded

After you click on your certificate file, there will be a new Profile downloaded.

  1. Under Settings, → “Profile Downloaded” will open a dialog to install the certificate.

  2. Click the right “>” to start Installation.

Install Profile

  1. Notice that the Profile has a Not Verified label beneath it.

  2. Click Install

You also have the option to Remove the Downloaded Profile if this was either mistakenly downloaded or a no longer needed Profile.

Enter Passcode

  1. Enter your passcode to Continue

  2. Do not enter your Apple ID password.

 

iOS Warning

  1. iOS will warn you that this certificate has no trust or a trusted Root CA

  2. Since this is self-generated, you can install this certificate

  3. Click Install

  4. iOS will ask for final confirmation before doing the install

  5. Click Install

 

Profile Installed

  1. Once completed, the Certificate will read now as Verified.

Profile for ZebraTester Root CA Sample Cert

  1. Click Profile –> More to see the certificate.

  2. Drill down again to get certificate details.

All the details originally provided at certificate creation should be listed here.

ZebraTester Root CA Sample Cert

All the details originally provided at certificate creation should be listed here.

 


Trust

Trust manually installed certificate profiles in iOS In iOS 10.3, and later, when you manually install a profile that contains a certificate payload, that certificate isn't automatically trusted for SSL.

The Screenshots for

You must manually turn on trust for SSL when you install a new profile.

Step

Screenshot

Step

Screenshot

Certificate Trust Settings

If you want to turn on SSL trust for a certificate:

  • Go to Settings > General > About > Certificate Trust Settings

  • Find the Enable Full Trust For Root Certificates section.

  • Enable trust for the certificate

iPhone


iPad

Root Certificate Warning

  • Click Continue

iPhone


iPad

Certificate Trust Settings Completed

iPhone


iPad

 

Recommendation

Apple recommends deploying certificates via Apple Configurator or Mobile Device Management (MDM). Certificate payloads installed with Configurator, MDM, or as part of an MDM enrollment profile are automatically trusted for SSL.

Can't find what you're looking for? Send an E-mail to support@apica.io