7
votes

I'm using the NEVPNManager to create a personal VPN for my iOS app which is working. Now I'm trying to install a root CA certificate that can be used by all apps. I understand the user will need to trust this certificate under General -> About - Certificate Trust Settings. I'm trying to automate as much of this process as possible. The two ways I've found to attempt to do this are either:

1) Open Safari with a URL to the root certificate hosted on a website and iOS will prompt the user to install the certificate as a profile.

2) Install the certificate programmatically within the app.

Option #1 works, but after the user installs the certificate they are not taken back to the app and still have to manually go in and trust the certificate in the Certificate Trust Settings.

With option #2, if SecItemAdd is used it is only added to the keychain for the sandbox for my app and not available to other apps. The only option I have seen to make it available to other apps is to increase its trust level as shown here, but this seems to require an old open source library from Apple that I was not able to get to build.

So, what is the best option to accomplish installing the root certificate and prompting the user to make it trusted? If it is possible through #2, any ideas how I build and then incorporate that library into my app? If I'm left with #1, what is the best way to simplify the process for the user?

iOS Certificate Trust Settings


1 Answer

8
votes

SecTrustSettingsSetTrustSettings and related symbols are private API and your app will be rejected by Apple on submission. Even if you manage to compile this open source library, it will still export the private symbols, and your app will be rejected.

Instead, you should use the openURL: API and point to a .p12 file, either locally hosted (by using an in-app web server) or remote. The .p12 file should include the certificate chain.

This will open the Settings app and ask the user to install the certificate. Once the user installs, all applications on the device will trust it.
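As an added illustration (not code from the question or the answer above), the following Swift snippet does the two things a practitioner would want here: it hands the certificate URL to the system so iOS shows its profile-install prompt, and afterwards it checks whether the device trust store actually accepts a chain anchored in the installed root. `UIApplication.shared.open` is the current form of the `openURL:` API mentioned in the answer; the URL and host name are placeholder assumptions, and the evaluation deliberately sets no custom anchors, so a certificate that only lives in the app's own sandbox keychain will not make the check pass.

```swift
import UIKit
import Security

/// Ask iOS to install the certificate/profile served at `url`.
/// The URL is an assumed placeholder: it should point at the .p12 (or .cer)
/// containing the full chain, hosted remotely or by an in-app web server.
func promptCertificateInstall(from url: URL, completion: @escaping (Bool) -> Void) {
    guard UIApplication.shared.canOpenURL(url) else {
        completion(false)
        return
    }
    // Control leaves the app here; Settings shows the profile install flow.
    UIApplication.shared.open(url, options: [:], completionHandler: completion)
}

/// Returns true only if the device's own trust store (built-in roots, or a
/// user-installed root that was enabled under General > About > Certificate
/// Trust Settings) accepts the DER-encoded chain for `host`.
/// No anchors are added with SecTrustSetAnchorCertificates, so the result
/// reflects system-wide trust, not the app's sandboxed keychain.
func isChainTrustedByDevice(derCertificates: [Data], host: String) -> Bool {
    var certs: [SecCertificate] = []
    for der in derCertificates {
        guard let cert = SecCertificateCreateWithData(nil, der as CFData) else {
            return false   // not valid DER, nothing to evaluate
        }
        certs.append(cert)
    }

    // SSL server policy: requires a trusted root and a host name match.
    let policy = SecPolicyCreateSSL(true, host as CFString)
    var trustRef: SecTrust?
    guard SecTrustCreateWithCertificates(certs as CFArray, policy, &trustRef) == errSecSuccess,
          let trust = trustRef else {
        return false
    }

    var error: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &error)   // iOS 12+
    if !trusted, let error = error {
        // Typical failure before the user enables full trust for the root.
        print("trust evaluation failed: \(error)")
    }
    return trusted
}

// Example usage (placeholder URL and host; both are assumptions):
// promptCertificateInstall(from: URL(string: "https://example.invalid/root.p12")!) { opened in
//     print("install prompt shown: \(opened)")
// }
// After the user returns and has enabled trust for the root:
// let ok = isChainTrustedByDevice(derCertificates: [leafDER, intermediateDER], host: "vpn.example.invalid")
```

Running the trust evaluation after the user comes back to the app gives a concrete signal of whether the "trust the certificate" step was completed, so the app can show targeted guidance instead of failing later with an opaque TLS error.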