Adding a self-signed certificate to iphone Simulator?

0 votes
asked Feb 8, 2010 by jr

I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate".

I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work.

Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work?


I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just worked. I was not able to get it to work using a self-signed certificate for some reason. I need to re-attempt this using the provisioning software.

My real question is how do I get this to work on the simulator? I would think that the simulator uses the keychain of the actual computer.

6 Answers

0 votes
answered Feb 12, 2012 by jonah

Take a look at the shell script Charles uses to install their self signed cert into the simulator's keychain.

See also:

It looks like installing your own certificate in the simulator may require installing it on a device via Safari and then copying the resulting row from the device's TrustStore.sqlite3 into the simulator's.

0 votes
answered Feb 17, 2012 by heath-borders

Using iPhone Backup Extractor, I copied my iPhone's TrustStore.sqlite3 into ~/Library/Application Support/iPhone Simulator/6.0/Library/Keychains, overwriting the existing file. I tried to only insert a single row with the following sqlite, but I couldn't get it working.

sqlite3 ~/backup/iOS\ Files/TrustStore.sqlite3
sqlite3>.mode insert
sqlite3>.output working.sql
sqlite3>select * from tsettings;

Now, working.sql has the entire contents of the tsettings table (in my case, 1 row).

sqlite3 ~/Library/Application\ Support/iPhone\ Simulator/6.0/Library/Keychains/TrustStore.sqlite3
sqlite3>INSERT INTO tsettings VALUES(X'...

Again, the above sqlite commands didn't work for me, but might be a good starting point for someone else. Copying the entire TrustStore.sqlite3 from the backup into the simulator worked just fine.

0 votes
answered Feb 18, 2013 by seafoxx

Just for Info, if someone still runs into that problem:

simply drag & drop your .cer Files into your running Simulator window. You'll see Safari flashing and then the import dialog for your Certificate (or Certificate Authority)...

Working for iOS 7 Simulator (and i Think did work for iOS 6 too).

0 votes
answered Feb 16, 2015 by yageek

Take a look at the iostrust Ruby gem:

0 votes
answered Sep 15, 2017 by jeef

I had this same issue for months and today I FINALLY solved it with:


You are going to want to use a project called ADVTrustStore from github. It does some fancy magic but it will correctly install certificates into your root trust-store on the simulator.

Steps to install a custom cert

# Clone the repo
git clone

# Enter the repo directory
cd ADVTrustStore/

# Copy your .crt file 
cp somewhere/something.crt my.crt

# conver to a .pem file
openssl x509 -in my.crt -out my.pem -outform PEM

# Install the pem in the simulators
./ -a my.pem

Using this process I was able to get GoogleStreetView images to render correctly while behind a corporate firewall using SSL resigning with self-signed certificates


I was using CharlesProxy and i noticed it was correctly installing certificates into the Simulator but they did not show up in the Settings - Profiles section. Then after some searching I discovered this tool. There are probably a few other tools out there but in my case the drag-and-drop never worked correctly for all cases. Safari would be fine but not my applications.

0 votes
answered Sep 15, 2017 by gautham-c

For those who find that the dragging and dropping of the certificate on the Simulator isn't working, there was a recent change that adds an extra step.

The Simulator must be explicitly told to trust the root CA. Do this by going to:

General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

See the full answer here:

Welcome to Q&A, where you can ask questions and receive answers from other members of the community.
Website Online Counter