SSL certificate for iPhone -> which CA?

Question

I find all these work-arounds for NSUrlConnection's which use a closed API to access a non-trusted SSL certificate. The other options is to install the certificate first by using the Safari/Mail app..

I'd like to know what root certificates are installed, so I can get one from the trusted CA, the way you're supposed to do it..

Anyone have an idea what CA I need?

Answer 1

Here is a list of the available CA pre installed on the iphone

http://support.apple.com/kb/HT2185

You can get your certificates signed by any of these authorities or you can sign your own certificates and create your own CA using OpenSSL

Answer 2

You can in fact accept a self-signed SSL cert using public APIs:

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    }

    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}