Wednesday, January 14, 2009

iPhone supports alternate CA root certs!

I happened to stumble across this earlier this evening. The iPhone now supports adding additional SSL CA root certificates. Here's the flow for adding one. You can follow along if you like. You probably don't have any particular incentive to add the KFU CA root certificate (unless you are a user at KFU), but there's no particular harm. Surf to https://www.kfu.com/ssl.html on your phone and....



Since the server's cert is signed by an unknown CA, that's not unexpected. As part of the bootstrap, you need to blindly accept the server key once.

Once you get the actual content of the page, follow the instructions and tap the "click me" link. You'll be transported into the Settings application and you'll see this:



Tap on "install" and you'll get a scary looking warning:



Don't worry, this is to be expected. Installing SSL CA root certificates is an extraordinary event and should not be taken lightly.

Tap install and you'll get:



Tap the "Done" button in the upper right corner to return to the web page where you were.

You can go into the Settings application anytime you like and find the "profile" and delete it. It's under the "General" menu item.

No comments: