[m463]

Can you add your own CA cert to your device?

[urda]

Yes, I have a private CA I install on all my Apple devices for my self-signed certs. After I have the root CA on the device, it looks like any other valid SSL to iOS / macOS.

[cpach]

Nit-pick: In that case the certs aren’t self-signed, they are regular leaf certs, chained to a “non-standard” CA.

[urda]

This is true, the user I replied to was asking about root CA's so I tried to address that.

[lxgr]

You can, but I find that much less secure than being able to TOFU a self-signed certificate:

I once did this, and besides being incredibly unergonomic, now I have to either securely destroy or safely store the signing key for the self-signed CA, or risk malware from performing an MITM against any app on my device, and not just e.g. the email client.

[benmmurphy]

does iphone support name constraints on CA certificates? (https://systemoverlord.com/2020/06/14/private-ca-with-x-509-...)

[mysteria]

At least with Safari all my internal SSL web services work properly on iOS with the root cert installed. Not sure about IMAP.

[telgareith]

Yes.