Add Internal CA Root Cert to iPhone iOS Provisioning Profile

Question

My iOS app is in development right now and the services we connect to are using a cert that is signed by our internal (company) CA. My app in many places calls secure web services using synchronous requests. It would be a large effort to switch to async and handle the cert challenge to manually accept certs from our domain.

What I would like to do is to add our CA root cert to our team's provisioning profile so that it is recognized, just in development, as a trusted CA. Can someone help me do this please?

If this is not possible, does anyone have any suggestions? Here are the options I see from best to worst.

1. Add internal CA root cert to trusted CAs in dev provisioning profile
2. Buy a cert (don't want to do this because our deployment server already has a valid cert, and i wont want to waste money on a cert that I just need in our dev/test environments).
3. Switch to ASI framework to bypass challenges (don't want to do this because it makes my app less secure. My code is correct and secure as is, but I cannot test in dev/test. I don't want to make my app worse just so that I can test in my dev env.)
4. Switch to async requests and handle challenges by accepting all certs from my domain (also don't want to make code changes for working code. Also it is a huge effort for us to switch to async, and we don't have the time).

All help is appreciated! Thanks.

Answer 1

Well I decided to go with 2 and just turn SSL off for our internal machines. Not the ideal solution, but I couldn't find a better one.