Self-Signed Certificates & HTTPS Requests 10.3

I do have the self-signed certificate and root certificate installed via a profile on both simulators.

Why would you have both a self-signed certificate and a root certificate? If you install a root certificate, it can issue the server certificate and thus there’s no need for a self-signed certificate. And if you have a self-signed certificate, which is self-signed (obviously :-), there’s no need for a root certificate to issue it.

I don’t know why things are failing on the 10.3 beta but my general advice on this front is to not use self-signed certificates, but instead:

1. Create a test CA

2. Have it issue the server’s certificate

3. Install the test CA’s root certificate on your device

QA1948 HTTPS and Test Servers has all the details.

With regards 10.3 beta specifically, it has a new UI for controlling root certificate trust. If you rely on a test CA, make sure its root certificate is marked as trusted in Settings > General > About > Certificate Trust Settings.

Once 10.3 goes GM I’ll update QA1948 to cover this gotcha (r. 30865079).

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

This part of your post finally solved my problems after hours of desperate debugging. The issue is the root is trusted by default when updating to a 10.3 beta, but if you reset content and settings, it is disabled by default.

With regards 10.3 beta specifically, it has a new UI for controlling root certificate trust. If you rely on a test CA, make sure its root certificate is marked as trusted in Settings > General > About > Certificate Trust Settings.

The setting that did it was:

Settings -> General -> About -> Certificate Trust Settings

I'll put that note in the bug report open! Thank you so much!