search

FiloSottile / mkcert

A simple zero-config tool to make locally trusted development certificates with any names you'd like.
https://mkcert.dev
BSD 3-Clause "New" or "Revised" License
48.74k stars 2.52k forks source link

Installed root certificate is not listed in "Certificate Trust Settings" due to iOS bug #47

Closed ceoimon closed 6 years ago

FiloSottile commented 6 years ago

I'm not sure I understand the issue, can you provide some more details?

ceoimon commented 6 years ago

I'm trying to use the certificate on my iPhone (running iOS 11.4).

After I installed the certificate(rootCA.pem), it is not showing up in the (Settings > General > About > Certificate Trust Settings) and therefore I can't follow the Enable full trust for root certificates instruction.

I am also able to reproduce the issue on an iPhone simulator:

simulator screen shot - iphone x - 2018-07-13 at 10 29 38 simulator screen shot - iphone x - 2018-07-13 at 10 29 58 simulator screen shot - iphone x - 2018-07-13 at 10 30 07

J132134 commented 6 years ago

I have the same problem, too

ghost commented 6 years ago

scep allows the Certificate to be trusted automatically.

https://github.com/micromdm/scep

Also MDM golang server there too :)

tomodian commented 6 years ago

having the same issue.

FiloSottile commented 6 years ago

🤬 https://forums.developer.apple.com/thread/89568

It's a bug in iOS, I'll work around it. Should manage to pull off reissuing the same CA without having to remake all certificates.

FiloSottile commented 6 years ago

Nope, fixing this will require reissuing the roots. I had an idea to misuse AuthorityKeyID (https://twitter.com/FiloSottile/status/1023564776834826240) but turns out we don't add one to our roots =(

FiloSottile commented 6 years ago

This should be fixed in the upcoming v1.0.1 version.

If you have already used mkcert, you need to update it, and then regenerate the root.

mkcert -uninstall
rm -r "$(mkcert -CAROOT)"

Skip the -uninstall step if you want existing certificates to keep working.

shri3k commented 5 years ago

Hey @ceoimon did you ever get this working? I've tried updating mkcert as mentioned by @FiloSottile but I still don't see it in "Certificate Trust Settings". Installed rootCA.pem on both Emulator and real device and don't see it in "Certificate Trust Settings" on either of them. I'm not sure what I'm doing wrong.

FiloSottile commented 5 years ago

Did you delete the root and regenerated it?

shri3k commented 5 years ago

I think this command essentially does that if I'm not mistaken.

rm -r "$(mkcert -CAROOT)"

I did however went and ran mkcert -uninstall too just for good measure. I'm scratching my head and wanted to see if others got it working too. This is in iPhone XS Max (iOS 12.1) Emulator if it helps at all.

Also, one small request. Would it be possible to have mkcert display the current version it's running? I think I have the right binary in my GOPATH for mkcert. I checked the src and it had the latest commit from master branch but was unable to tell which version of binary I was running apart from checking the "modified date" of the binary.

I love the simplicity of this tool if I haven't mentioned that already. :smiley:

Epho commented 4 years ago

Anyone else still having issues? I just installed the latest mkcert and am unable to see the cert in "Certificate Trust Settings". I tried uninstalling, deleting the root, and regenerating, for good measure, but no dice.

IMG_4EF636D49D4C-1

FiloSottile commented 4 years ago

@Epho Please open a new issue and we'll look into it!