10.3. Installing Certificates

Certificates can be installed on iPhones through a number of means. The easiest way to install a new certificate on an iPhone or iPod touch is by providing the certificate via a web site or by emailing the certificate to the user. In either scenario, the user needs to visit either the web site or tap on the certificate attached in an email. Once you have reached this point, you will be presented with the Install Profile interface. In Figure 10-7, you accessed the organization's root Certificate Authority certificate by opening http://myco.com/myco_ca.cer in Safari, which installs our LBC Certificate Authority root certificate.

Figure 10.7. Install Certificate screen

At this point, we can verify that it is the appropriate certificate, and then tap on the Install button to install it. If you are using an internally signed Certificate Authority, then you will be presented with an error, as seen in Figure 10-8.

Figure 10.8. Unverified root certificate

Click Install Now to add the certificate to the devices local trust. You will be prompted to enter your device password, if one has been configured. The certificate will then be added, and from now on accessing SSL services signed by your Certificate Authority will function without warning.

To modify certificates which have been installed and remove them from the trust, you must use the General pane found under the Settings app. In this interface, certificates will be listed under the Profile section, as seen in Figure 10-9.

Figure 10.9. Installed profiles

You can click on each installed profile to view more information. In this interface, profiles can simply be imported certificates, and they can also be configurations created using the iPhone configuration utility, which has a dedicated section later in this chapter. Using this interface, you can remove any installed restrictions, provided you can provide the phones passcode when prompted.