urda 2 days ago

Yes, I have a private CA I install on all my Apple devices for my self-signed certs. After I have the root CA on the device, it looks like any other valid SSL to iOS / macOS.

Reply View 2 replies
  • cpach 2 days ago

    Nit-pick: In that case the certs aren’t self-signed, they are regular leaf certs, chained to a “non-standard” CA.

    Reply View 1 reply
    • urda 2 days ago

      This is true, the user I replied to was asking about root CA's so I tried to address that.

      Reply View 0 replies
lxgr 2 days ago

You can, but I find that much less secure than being able to TOFU a self-signed certificate:

I once did this, and besides being incredibly unergonomic, now I have to either securely destroy or safely store the signing key for the self-signed CA, or risk malware from performing an MITM against any app on my device, and not just e.g. the email client.

Reply View 1 reply
mysteria 2 days ago

At least with Safari all my internal SSL web services work properly on iOS with the root cert installed. Not sure about IMAP.

Reply View 0 replies