Trust Your Root CA on iOS¶

Complete this guide to download your Start9 server’s Root Certificate Authority (CA), and trust it on your client device (iOS). This allows you to use encrypted https connections to your .local (LAN) and .onion (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server’s main UI, as well as that of all services.

This applies to iOS v15 and v16. For older versions, see the v14 guide.

1. Download the certificate to your Downloads folder

   Note

   In order to do this, open Safari and visit your Start9 server’s .local URL while connected to WiFi, but make sure it is prefixed with http:// and not https://.

   Log in using your password, then click the hamburger (3 lines) menu at the top right, select System > Root CA > Download Root CA. It may say This website is trying to download a configuration profile. Do you want to allow this? Click Allow.

   Once this is done, you can skip to step 3, below.

   If you downloaded the certificate from a browser such as Firefox, you will need to copy the file from that Downloads folder to your iCloud Downloads folder. Navigate there via Files > iCloud Drive > Downloads. Otherwise, the “Profile Download” dialog will not appear when you click on the file in the next step.

2. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says “Profile Downloaded.” Click Close.

   

3. Head to Settings > General > VPN & Device Management

   

4. Locate the profile under “DOWNLOADED PROFILE” and tap on it

   

5. Tap Install

   

6. Tap Install again

   

7. Tap Install yet again

   

8. You should see green text with a check-mark saying “Verified” under the Profile Installed dialog.

   

9. Tap Done near the top right.

10. Next, navigate to General > About > Certificate Trust Settings.

    

11. Under “Enable full trust for root certificates”, enable your “<custom-address> Local Root CA”.

    

12. Tap Continue

    

13. Your certificate should now be installed and trusted: