Installing private root CA certificate on iOS devices

This isn’t related to Lync or Skype for Business, but we see people having a hard time to install root CA certificates on iOS devices (iPhone/iPad).

While it’s recommended to use public certificates for Lync Mobility, sometimes we are just doing some tests to show to decision makers. Another case is a company that only deployed Lync Mobility internally and doesn’t want to spend on a public certificate.

Sending the root CA to an email account won’t work. We recommend you follow the next steps:

Step 1 – Export root CA certificate

The first thing is to obtain the certificate. We can do this by browsing our CA or exporting it from our PC.

Method A: Internal CA website

In this case http://dc.lync2013.uclobby/certsrv/ in Internet Explorer.


Select Download a CA certificate, certificate chain or CRL, and then click Download CA certificate.


Method B: Using MMC Certificate Snap-in

Open MMC and add the Certificate Snap-In. Expand Trusted Root Certification Authorities and select Certificates and the CA certificate and Export it.


In the File Format select DER.


After selecting the file destination path, we will get the following windows:



Step 2 – Importing CA to OneDrive

Open Internet Explorer and browse

Select the right folder and select Upload:


After uploading the file, the following message will be displayed:


Step 3 -Installing the root CA certificate

Now in your iOS device, open Safari, browse, and find the root CA certificate file.


Download the file and, when it completes, we will be prompted to install:


Since this is a private root CA, iOS wont trust it. Selecting Install will show a warning and we need to confirm again to install the certificate.


After choosing the Install option, the private root CA certificate is now trusted by our iOS device.


Important note: Don’t use OneDrive App to download the certificate, or it will give an error message:


Step 4 – Check if the root CA certificate is installed

The root CA certificates will be stored as profiles. To view all the certificates installed, go to Settings->General->Profiles:


Note: This option will only appear below the VPN settings if we have at least one certificate installed.

As a final note, it’s important to say that these steps aren’t the only way to do this. Still, they certainly are a practical way to successfully install the root CA certificate on iPhone or iPad.