Install a Windows Server Active Directory Root Certificate in iOs

Georg Dangl by Georg Dangl in Windows Server Friday, April 22, 2016

Friday, April 22, 2016

Here's a short blog post showing you how to use self-signed certificates from your home network Active Directory Controller in iOS. I assume you either have a Windows Server 2012 (R2) with the Essentials role installed up and running on your domain or a "real" domain controller.

On Server 2012 (R2) Essentials, there should be a website called "Default Web Site" installed within IIS which has a sub site called "CertSrv" for the certification service offered by the Active Directory domain controller (There's also the "Connect" site which you've probably used before to connect client machines). On Windows clients joined to the domain, your root domain Certificate Authority (CA) certificate should get installed by the default group policies that that the Essentials role is preconfigured with. For mobile devices (like iOS), you've got to add the root CA as trusted entity yourself. To do that, navigate to http://<YourServerName>/Certsrv, log in with a domain user and you should find the following site:

Active Directory Certificate Server Welcome Site

Click on the last link, which is, depending on your language, something like "Download a certificate authority root certificate". This should bring you to the next page where the standard settings will be fine for you.

Active Directory Certificate Server Select Certificate to Download

Now just click on the uppermost link to install the certificate and find yourself in the iOS settings to review and confirm the installation. The certificate will be named "<YourADDomain>-<ServerName>-CA".

Install a certificate in iOS

After you have installed it, you can browse to a website that is using this certificate and you'll see that's it accepted just like a regular certificate:

Verification of working self signed certificates on the mobile Safari browser in iOS

 


Share this post


comments powered by Disqus

About me

Hi, my name's George! I love coding and blogging about it. I focus on all things around .Net, Web Development and DevOps.

DanglIT

Need a partner for DevOps, Web Services or Software Development?

Contact me at [email protected], +49 (173) 56 45 689 or visit my professional page!

Dangl.Blog();
// Just 💗 Coding

Social Links