Adding a self-signed certificate to iphone Simulator?

96
votes

I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate".

I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work.

Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work?

UPDATE

I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just worked. I was not able to get it to work using a self-signed certificate for some reason. I need to re-attempt this using the provisioning software.

My real question is how do I get this to work on the simulator? I would think that the simulator uses the keychain of the actual computer.

9
iphonesslios-simulatorkeychainpki
I recently hit this with a host trusted by a CA certificate that was imported into the login keychain on the development Mac. (That is, my local Safari trusts the site, but not the simulator.) I was surprised it didn't work with the simulator. How does one use the iPhone provisioning tool to manipulate the trusted certificates on the simulator?mpontillo

9 Answers

120
votes

Just for Info, if someone still runs into that problem:

simply drag & drop your .cer Files into your running Simulator window. You'll see Safari flashing and then the import dialog for your Certificate (or Certificate Authority)...

Working for iOS 7 Simulator (and i Think did work for iOS 6 too).

47
votes

For those who find that the dragging and dropping of the certificate on the Simulator isn't working, there was a recent change that adds an extra step.

The Simulator must be explicitly told to trust the root CA. Do this by going to:

General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

See the full answer here:

23
votes

I had this same issue for months and today I FINALLY solved it with:

ADVTrustStore

You are going to want to use a project called ADVTrustStore from github. It does some fancy magic but it will correctly install certificates into your root trust-store on the simulator.

Steps to install a custom cert

# Clone the repo
git clone https://github.com/ADVTOOLS/ADVTrustStore.git

# Enter the repo directory
cd ADVTrustStore/

# Copy your .crt file 
cp somewhere/something.crt my.crt

# conver to a .pem file
openssl x509 -in my.crt -out my.pem -outform PEM

# Install the pem in the simulators
./iosCertTrustManager.py -a my.pem

Using this process I was able to get GoogleStreetView images to render correctly while behind a corporate firewall using SSL resigning with self-signed certificates

Background

I was using CharlesProxy and i noticed it was correctly installing certificates into the Simulator but they did not show up in the Settings - Profiles section. Then after some searching I discovered this tool. There are probably a few other tools out there but in my case the drag-and-drop never worked correctly for all cases. Safari would be fine but not my applications.

12
votes

For anyone use OS X Catalina, please check this : https://forums.developer.apple.com/thread/124056.

Catalina is currently blocking access to Desktop, Documents and Downloads folder. I moved certificate files to Shared folder and drag and drop the files to simulator from there.

9
votes

Take a look at the shell script Charles uses to install their self signed cert into the simulator's keychain. http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/

See also:

It looks like installing your own certificate in the simulator may require installing it on a device via Safari and then copying the resulting row from the device's TrustStore.sqlite3 into the simulator's.

4
votes

Dragging and drop used to work but it didn't work on XCode 12 for me. What worked for me was opening Safari browser on Simulator and then typing the file URL for the .crt certificate file. Ex.

file:///Users/[folder_path]/[certificate.crt]

After that you have to goto Simulator Settings and install the certificate by navigating into General > Profiles section.

3
votes

For IOS14, after the dragging, you need go to:

General -> Profile -> select you profile -> install

and then:

General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

see also https://developer.apple.com/library/archive/qa/qa1948/_index.html

2
votes

Using iPhone Backup Extractor, I copied my iPhone's TrustStore.sqlite3 into ~/Library/Application Support/iPhone Simulator/6.0/Library/Keychains, overwriting the existing file. I tried to only insert a single row with the following sqlite, but I couldn't get it working.

sqlite3 ~/backup/iOS\ Files/TrustStore.sqlite3
sqlite3>.mode insert
sqlite3>.output working.sql
sqlite3>select * from tsettings;
sqlite3>.quit

Now, working.sql has the entire contents of the tsettings table (in my case, 1 row).

sqlite3 ~/Library/Application\ Support/iPhone\ Simulator/6.0/Library/Keychains/TrustStore.sqlite3
sqlite3>INSERT INTO tsettings VALUES(X'...
sqlite3>.quit

Again, the above sqlite commands didn't work for me, but might be a good starting point for someone else. Copying the entire TrustStore.sqlite3 from the backup into the simulator worked just fine.

1
votes

Take a look at the iostrust Ruby gem: http://github.com/yageek/iostrust