iOS Configuration Profiles and Certificate Trust Settings

This article will describe the steps needed for importing a VPN, DNS, or Device Management profile to a iOS or iPadOS device and enabling full trust for these certificates.

The configuration profiles allow an administrator to import settings to an iPhone or iPad which can be used for functions like VPN, DNS proxying, MDM, or trusting an internal Certificate Authority.

Recently, I implemented SSL decryption on my firewall, and had to import a self-signed CA certificate into my devices so that it was trusted and SSL/TLS errors didn’t appear within the web browser. There are two main steps for this.

First, send the certificate to the device using some method such as email, Dropbox, Airdrop, or MDM (if this is a managed device already). The certificate will appear under Settings->General->VPN,DNS, & Device Management. Make sure the cert you imported shows “Verified” when clicking on it under the “Configuration Profiles” section.

Next, if you need the device to trust this certificate as a root CA, you must also go to Settings->General->About and scroll down to “Certificate Trust Settings”. Check the box next to the cert in the “Enable Full Trust For Root Certificates” section.

Now, the device shouldn’t see any browser warnings when SSL decryption is performed using that certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *