iOS Companion app not working with my cert chain for own root CA

When enabling HTTPS in the config, the certificate (chain) works fine with macOS browsers (Firefox, Safari) and the Companion macOS app. But the iOS app complains that the certificate is invalid (NSURLErrorDomain -1202).

I guess this happens because I am using my own root CA.

I have provided the proper fullchain.pem, containing the certs for the server, the server CA and the root CA.

On iOS I also have provided all those certs in a profile using Apple Configurator and I have fully trusted the root CA certificate on iOS.

The server cert contains SANs for the DNS name used in the iOS and mac app for connecting internally.

(Note: when connecting through an NGINX proxy this works fine, as the NGINX proxy is using a Let's Encrypt certificate, no own root CA.)

I already checked with TLS inspector: the trust chain order of the certificates is: server, server CA, root CA.

testssl.sh complains that the root CA cert is self-signed, which is fine if you have your own root CA. All the other stuff looks good.

If someone got HA Companion on iOS to play nice with his own root CA, let me know what you did and what the pitfalls to avoid were.

1 Like

You’d have to trust/import your private PKI root certificate on your iOS device.
No clue myself, but there seem to be results from Google.

Yes and yes. (I wrote that I did what you propose. Also, I googled extensively and read and understood the related articles and forum responses.)

Thanks for caring, still,
looking forward to solutions from people who actually got such a setup to work fine.