Installing CACert Root Certifcates on iOS

X509 certificates are used for “secure” internet connections. They are issued by certificate authorities. To become a trusted certificate authority a root certificate has to be installed. Operating system and web browser vendors deploy a lot of those certificates – usually only from commercial companies (since non commercial organizations cannot be trustworthy).

CACert is an organization which offers X509 certificates for free. Unfortunately there root certificates are not preinstalled on Apple’s devices. But this can be easily done by the users.

Open Safari and go to Tap on “Root Certificate” in the navigation menu on the right side. On the page that gets loaded you find Class 1 and Class 3 root certificates in various formats.


Tap on the class 1 PKI key’s “Root Certificate (PEM Format)”. This brings the “Install Profile” page of the settings app into foreground.

IMG 0079

Tap “Install”. A warning page appears.

IMG 0080

Tap “Install” again. The “Profile Installed” page states that CA Cert is now trusted.

IMG 0081

Tap done and you will return to safari. Now scroll down an tap on the class 3 PKI keys’s “Root Certificate (PEM Format)”. Again, this brings the “Install Profile” page into foreground. But now it says that the certificate is trusted.

IMG 0082

Tap “Install”. This time an alert appears.

IMG 0083

Select “Install Now”. The “Profile Installed” page now states that you also trust the class 3 certificates.

IMG 0084

That’s it. Tap “Done” and you have successfully installed CACert as a trusted certificate authority.