urda a year ago

Yes, I have a private CA I install on all my Apple devices for my self-signed certs. After I have the root CA on the device, it looks like any other valid SSL to iOS / macOS.

  • cpach a year ago

    Nit-pick: In that case the certs aren’t self-signed, they are regular leaf certs, chained to a “non-standard” CA.

    • urda a year ago

      This is true, the user I replied to was asking about root CA's so I tried to address that.

lxgr a year ago

You can, but I find that much less secure than being able to TOFU a self-signed certificate:

I once did this, and besides being incredibly unergonomic, now I have to either securely destroy or safely store the signing key for the self-signed CA, or risk malware from performing an MITM against any app on my device, and not just e.g. the email client.

mysteria a year ago

At least with Safari all my internal SSL web services work properly on iOS with the root cert installed. Not sure about IMAP.