How to add a .crt certificate to iPhone's keychain?

certificate iphone

Updated for iOS 12.0.1

As Andrew and Michal mentioned, apparently iOS only allows the Mail and Safari apps to open and install certificates. Other apps are blocked from opening certificates.

So here is how I got mine working:

  1. Put my certificate file (mycertificate.crt) on my private local server temporarily.
  2. Using iOS Safari (very important), browse to my https://mylocalsite.test/mycertificate.crt
  3. You'll probably see a "This Connection Is Not Private" warning and need to click "Show Details" > "visit this website".
  4. When prompted with "This website is trying to open Settings to show you a configuration profile. Do you want to allow this? [Ignore or Allow?]", choose "Allow".
  5. You'll now be in your iPhone Settings > Install Profile. Click "Install" to install the certificate.
  6. Enter your passcode to confirm.
  7. You'll see a warning telling you "This certificate will not be trusted for websites until you enable it in Certificate Trust Settings." Press "Install" to proceed.
  8. Press "Done".
  9. Visit Settings > General > About > Certificate Trust Settings
  10. "Enable full trust for root certificates" for the newly-installed certificate.
  11. (Restarting the phone does not seem to be necessary.) I was immediately able to use Chrome to browse to my site using https, and it worked as I hoped.

These other links helped me, too:

  • https://support.apple.com/en-us/HT204477
  • https://support.securly.com/hc/en-us/articles/206978437-How-to-deploy-Securly-SSL-certificate-to-iOS-
  • For generating a local Certificate Authority and self-signed certificate, my favorite approach as of 2020-09-14 is https://github.com/FiloSottile/mkcert

Copied from the site you linked

If you wish to use your certificate for S/MIME after you have followed this guide, please visit https://support.quovadisglobal.com/KB/a353/how-do-i-sign-and-encrypt-on-an-apple-iphone.aspx. Important Note: Apple recommends that a *.p12 or *.pfx file is sent to your device as an attachment in an email. QuoVadis does not recommend this approach unless email access to your mail server is encrypted using SSL.

You need to e-mail yourself the certificate, other 3PP programs are sandbox'd from accessing the iOS keychain.


From iOS 11, if the .crt file is in a location accessible using the Files app, then you just need to tap on it from within Files to install the certificate.

This also applies to other types of certificates supported by iOS.

Related

Does my son know I'm using Find my iPhone when I log on?
How to disable account on OS X Mavericks
How to create a Windows 10 bootable USB on a Mac for PC without Bootcamp, when install.wim is too large
Does battery condition have anything to do with macbook pro performance?
Downloading voicemail to my laptop
How can I delete saved commands from Terminal?
Alternative to APLAY for Mac OS X bash
How to Eject All External Partitions Quickly?
Terminal: run source ~/.bash_profile every time start new terminal
How to run an app that require Java SDK on macOS Catalina 10.15?
Is a 3-5 second delay normal for a Retina MacBook Pro to wake up from sleep?
Force Preview to open all selected images in one window