starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #233] Installed certificate does not show up in Certificate Trust Settings #148

New issue
Closed
opened 2026-02-25 22:32:43 +03:00 by kerem · 13 comments
kerem commented 2026-02-25 22:32:43 +03:00
Owner
Copy link

Originally created by @Epho on GitHub (Jan 10, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/233

Related to #47

I recently installed the latest mkcert and am unable to see the cert in "Certificate Trust Settings". I tried uninstalling, deleting the root, and regenerating, for good measure, but no dice.

IMG_4EF636D49D4C-1

Originally created by @Epho on GitHub (Jan 10, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/233 Related to #47 I recently installed the latest mkcert and am unable to see the cert in "Certificate Trust Settings". I tried uninstalling, deleting the root, and regenerating, for good measure, but no dice. ![IMG_4EF636D49D4C-1](https://user-images.githubusercontent.com/1441652/72121279-704f6980-330f-11ea-99b6-34e150c53c6d.jpeg)
kerem closed this issue 2026-02-25 22:32:43 +03:00
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@coole106 commented on GitHub (May 6, 2020):

I'm having the same issue. I installed a certificate and it's not showing up here.

<!-- gh-comment-id:624702221 --> @coole106 commented on GitHub (May 6, 2020): I'm having the same issue. I installed a certificate and it's not showing up here.
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@vlad2 commented on GitHub (Jul 8, 2020):

Hi, one reason could be that the certificate doesn't have the CN (common name) section.

<!-- gh-comment-id:655400875 --> @vlad2 commented on GitHub (Jul 8, 2020): Hi, one reason could be that the certificate doesn't have the CN (common name) section.
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@suda commented on GitHub (Sep 10, 2020):

I think I know what's the problem here. At some point, Apple changed the UI for the cert management so after downloading the certificate you get this:

CF0AD0CE-09DF-4D70-A8ED-851802EC04FA

And yes, it is in Settings but not where you think. At the top of the menu now there's Profile Downloaded option:

91F882A3-AC48-4B0D-B3DF-A04EE3455EE7

You tap that and you should be presented with the installation dialog:
C8FC6729-9114-413E-B287-0BA36B0036CD

After that, it should appear in the Certificate Trust Settings:

A8223F86-ABFB-41F2-8E57-AD5813A91FCA

Hope this helped :)

<!-- gh-comment-id:690110809 --> @suda commented on GitHub (Sep 10, 2020): I think I know what's the problem here. At some point, Apple changed the UI for the cert management so after downloading the certificate you get this: ![CF0AD0CE-09DF-4D70-A8ED-851802EC04FA](https://user-images.githubusercontent.com/25722/92710483-22847880-f358-11ea-9b90-6a06b3bdf04e.jpeg) And yes, it is in Settings but not where you think. At the top of the menu now there's **Profile Downloaded** option: ![91F882A3-AC48-4B0D-B3DF-A04EE3455EE7](https://user-images.githubusercontent.com/25722/92710735-5495da80-f358-11ea-9e38-a8ab0bec072c.jpeg) You tap that and you should be presented with the installation dialog: ![C8FC6729-9114-413E-B287-0BA36B0036CD](https://user-images.githubusercontent.com/25722/92710616-3d56ed00-f358-11ea-8ce7-bd8a34208584.jpeg) After that, it should appear in the **Certificate Trust Settings**: ![A8223F86-ABFB-41F2-8E57-AD5813A91FCA](https://user-images.githubusercontent.com/25722/92711126-a0488400-f358-11ea-94a3-84ee22db577f.jpeg) Hope this helped :)
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@tysecure commented on GitHub (Jan 17, 2023):

After generating the certificate, iOS states, "The authenticity of the profile cannot be verified," and it does not show up in Trust settings. I'm using the latest version of macOS Venture and iOS 16. Any ideas? Thanks

<!-- gh-comment-id:1384817616 --> @tysecure commented on GitHub (Jan 17, 2023): After generating the certificate, iOS states, "The authenticity of the profile cannot be verified," and it does not show up in Trust settings. I'm using the latest version of macOS Venture and iOS 16. Any ideas? Thanks
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@flyi36 commented on GitHub (Feb 19, 2023):

https://github.com/FiloSottile
Thank u from me

<!-- gh-comment-id:1435938643 --> @flyi36 commented on GitHub (Feb 19, 2023): https://github.com/FiloSottile Thank u from me
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@oojacoboo commented on GitHub (Sep 3, 2023):

After generating the certificate, iOS states, "The authenticity of the profile cannot be verified," and it does not show up in Trust settings. I'm using the latest version of macOS Venture and iOS 16. Any ideas? Thanks

I had this issue. You need to install all the intermediary/root CA "profiles". That'll be something like ca.pem. When you're self-signing and acting as your own CA, this is what's important since it's the key signing the certificates.

<!-- gh-comment-id:1704426981 --> @oojacoboo commented on GitHub (Sep 3, 2023): > After generating the certificate, iOS states, "The authenticity of the profile cannot be verified," and it does not show up in Trust settings. I'm using the latest version of macOS Venture and iOS 16. Any ideas? Thanks I had this issue. You need to install all the intermediary/root CA "profiles". That'll be something like `ca.pem`. When you're self-signing and acting as your own CA, this is what's important since it's the key signing the certificates.
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@AhmedNSidd commented on GitHub (Oct 31, 2024):

For what it's worth, I tried downloading all the intermediary certificates and then the root certificate (and tried it the other way around too), and couldn't get the certificates verified for my use case (I was exporting the certificates on my browser using Firefox)

<!-- gh-comment-id:2448874360 --> @AhmedNSidd commented on GitHub (Oct 31, 2024): For what it's worth, I tried downloading all the intermediary certificates and then the root certificate (and tried it the other way around too), and couldn't get the certificates verified for my use case (I was exporting the certificates on my browser using Firefox)
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@oojacoboo commented on GitHub (Oct 31, 2024):

Send the root CA certificate to your iOS device that you created, when self-signing whatever other certificate. Then from email, install that on iOS as a "profile". Then go into it and click to trust it, turning your CA certificated into a trusted root CA.

<!-- gh-comment-id:2448880561 --> @oojacoboo commented on GitHub (Oct 31, 2024): Send the root CA certificate to your iOS device that you created, when self-signing whatever other certificate. Then from email, install that on iOS as a "profile". Then go into it and click to trust it, turning your CA certificated into a trusted root CA.
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@AhmedNSidd commented on GitHub (Oct 31, 2024):

I did do exactly what you mentioned Jacob, but the issue I’m running into is that iOS ends up saying the certificate can’t be verified, so even though I can install the certificate, I can’t give it full trust.

Anyway, I think this could potentially have something to do with iOS 18. I found this thread: https://forums.developer.apple.com/forums/thread/764673

<!-- gh-comment-id:2448890738 --> @AhmedNSidd commented on GitHub (Oct 31, 2024): I did do exactly what you mentioned Jacob, but the issue I’m running into is that iOS ends up saying the certificate can’t be verified, so even though I can install the certificate, I can’t give it full trust. Anyway, I think this could potentially have something to do with iOS 18. I found this thread: https://forums.developer.apple.com/forums/thread/764673
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@oojacoboo commented on GitHub (Oct 31, 2024):

It needs to be a root CA, so make sure that's the case. Then, you need to go under your settings and "trust" it. I recall dealing with the unverified bit, but it was because it wasn't being marked as "trusted".

<!-- gh-comment-id:2448892684 --> @oojacoboo commented on GitHub (Oct 31, 2024): It needs to be a root CA, so make sure that's the case. Then, you need to go under your settings and "trust" it. I recall dealing with the unverified bit, but it was because it wasn't being marked as "trusted".
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@gionapaolini commented on GitHub (Feb 9, 2025):

For those that still cannot see their certificate under "Certificate Trust Settings"
In my case the problem was that the certificate had an expiry date too high (it can be max 398 days, as stated here)

<!-- gh-comment-id:2646473485 --> @gionapaolini commented on GitHub (Feb 9, 2025): For those that still cannot see their certificate under "Certificate Trust Settings" In my case the problem was that the certificate had an expiry date too high (it can be max 398 days, as stated [here](https://support.apple.com/en-us/102028))
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@ggitthub commented on GitHub (Mar 9, 2025):

I created my own CA certificate on Mac, imported it to an iPad and had the same issue with not seeing it in the "Certificate Trust Settings". Turned out I was importing a .p12 file instead of a .cer file (both are available as export from the Mac Keychain app).

The Configuration Profile under Settings > General > VPN & Device Management looks absolutely identical in both cases! BUT it doesn't show up to be trusted in Settings > About > Certificate Trust Settings if the .p12 file was used!

<!-- gh-comment-id:2709046388 --> @ggitthub commented on GitHub (Mar 9, 2025): I created my own CA certificate on Mac, imported it to an iPad and had the same issue with not seeing it in the "Certificate Trust Settings". Turned out I was importing a .p12 file instead of a .cer file (both are available as export from the Mac Keychain app). The Configuration Profile under Settings > General > VPN & Device Management looks **absolutely identical** in both cases! BUT it doesn't show up to be trusted in Settings > About > Certificate Trust Settings if the .p12 file was used!
kerem commented 2026-02-25 22:32:44 +03:00
Author
Owner
Copy link

@philip-lamb commented on GitHub (Apr 19, 2025):

For those that still cannot see their certificate under "Certificate Trust Settings" In my case the problem was that the certificate had an expiry date too high (it can be max 398 days, as stated here)

From that page:

This change will not affect certificates issued from user-added or administrator-added Root CAs.

<!-- gh-comment-id:2816869366 --> @philip-lamb commented on GitHub (Apr 19, 2025): > For those that still cannot see their certificate under "Certificate Trust Settings" In my case the problem was that the certificate had an expiry date too high (it can be max 398 days, as stated [here](https://support.apple.com/en-us/102028)) From that page: > This change will not affect certificates issued from user-added or administrator-added Root CAs.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#148
No description provided.