Installing private root CA certificate on iOS devices

This isn’t related to Lync or Skype for Business, but we see people having a hard time to install root CA certificates on iOS devices (iPhone/iPad).

While it’s recommended to use public certificates for Lync Mobility, sometimes we are just doing some tests to show to decision makers. Another case is a company that only deployed Lync Mobility internally and doesn’t want to spend on a public certificate.

Sending the root CA to an email account won’t work. We recommend you follow the next steps:

Step 1 – Export root CA certificate

The first thing is to obtain the certificate. We can do this by browsing our CA or exporting it from our PC.

Method A: Internal CA website

In this case http://dc.lync2013.uclobby/certsrv/ in Internet Explorer.

ioscert01

Select Download a CA certificate, certificate chain or CRL, and then click Download CA certificate.

ioscert02

Method B: Using MMC Certificate Snap-in

Open MMC and add the Certificate Snap-In. Expand Trusted Root Certification Authorities and select Certificates and the CA certificate and Export it.

ioscert03

In the File Format select DER.

ioscert04

After selecting the file destination path, we will get the following windows:

ioscert05

ioscert06

Step 2 – Importing CA to OneDrive

Open Internet Explorer and browse onedrive.com.

Select the right folder and select Upload:

ioscert07

After uploading the file, the following message will be displayed:

iOSCert08

Step 3 -Installing the root CA certificate

Now in your iOS device, open Safari, browse onedrive.com, and find the root CA certificate file.

iOSCert09

Download the file and, when it completes, we will be prompted to install:

iOSCert10

Since this is a private root CA, iOS wont trust it. Selecting Install will show a warning and we need to confirm again to install the certificate.

iOSCert11

After choosing the Install option, the private root CA certificate is now trusted by our iOS device.

iOSCert12

Important note: Don’t use OneDrive App to download the certificate, or it will give an error message:

iOSCert13

Step 4 – Check if the root CA certificate is installed

The root CA certificates will be stored as profiles. To view all the certificates installed, go to Settings->General->Profiles:

iOSCert14iOSCert15

Note: This option will only appear below the VPN settings if we have at least one certificate installed.

As a final note, it’s important to say that these steps aren’t the only way to do this. Still, they certainly are a practical way to successfully install the root CA certificate on iPhone or iPad.