Merge pull request #1009 from hobinjk-ptc/docs-ios-certs

Add documentation about trusting self-signed certs on iOS
ptcrealitylab · Mar 5, 2024 · 7e6f764 · 7e6f764
2 parents 1a23283 + 978533e
commit 7e6f764
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -54,7 +54,8 @@ vim scripts/cert.conf
 
 If desired, you can now add this certificate (cert.pem) to your local trusted
 certificate store (e.g. Keychain on macOS) to not have to manually add it to
-each browser's cert store.
+each browser's cert store. For more information on trusting on iOS, see [this
+guide](./docs/ios-cert-install.md)
 
 You can now run the server using the following command:
 

diff --git a/docs/assets/downloading-certpem-clicked.png b/docs/assets/downloading-certpem-clicked.png
diff --git a/docs/assets/downloading-certpem.png b/docs/assets/downloading-certpem.png
diff --git a/docs/assets/python3-http-server.png b/docs/assets/python3-http-server.png
diff --git a/docs/assets/settings-profile-install.png b/docs/assets/settings-profile-install.png
diff --git a/docs/assets/settings-with-profile-downloaded.png b/docs/assets/settings-with-profile-downloaded.png
diff --git a/docs/ios-cert-install.md b/docs/ios-cert-install.md
@@ -0,0 +1,39 @@
+---
+layout: doc
+title: Installing Self-signed Certificates on iOS
+permalink: /docs/dive-deeper/internals/ios-self-signed-certificates
+---
+
+The overall process to trusting a local edge server's self-signed certificates
+is to download the cert onto the phone then trust the "Profile" this cert
+provides in the phone's settings.
+
+### Download cert.pem onto phone
+We need to get the file `cert.pem` onto the phone. One such tool is python's built-in http server:
+
+![terminal window showing results of running python3's http server module](./assets/python3-http-server.png)
+
+Next, navigate to http://your-edge-server-ip-address:8000/ to see a listing of
+all files in this directory and download cert.pem from the list.
+
+![a directory listing in Safari on iOS](./assets/downloading-certpem.png)
+
+The page will prompt you if you trust this configuration profile. Accept this prompt and open the Settings app to finish trusting the profile.
+
+![a popup from Safari asking whether you trust the configuration profile](./assets/downloading-certpem-clicked.png)
+
+### Trust configuration profile in Settings
+
+In the Settings app there will be a helpful shortcut "Profile Downloaded" to
+navigate directly to trusting the newly downloaded profile.
+
+![Settings app with "Profile Downloaded" shortcut button visible](./assets/settings-with-profile-downloaded.png)
+
+Tap this shortcut to move onto trusting the profile. Press "Install" on this
+next screen and enter your passcode to finish the trusting process.
+
+![A prompt to the user to install the new configuration profile](./assets/settings-profile-install.png)
+
+With this entire process complete, you should now see the Configuration Profile
+reflected in the Settings - VPN and Device Management list of profiles.
+