Blog post: https://blog.sidetrack.app/debugging-in-production
-
Open Keychain Access
-
Click Keychain Access, Certificate Assistant, and Create a Certificate Authority
-
Provide a name, and select 'Let me override defaults'
-
Unselect 'Make this CA the default'
-
Change the validity period as necessary, I recommend setting this to a longer length (such as 10 years)
-
Leave the rest of the options, and click Next through the rest of the pages
-
To verify, click 'Show CA Certificate'
-
Click Keychain Access, Certificate Assistant, and Create Certificate
-
Set the Identity Type to 'Leaf'
-
Set Certificate Type to 'Custom' and choose the certificate authority we created earlier
-
Override defaults and set the same validity period as you wish
-
Set the Issuer to your certificate authority you made earlier
-
Leave the rest of the options, and click Next through the rest of the pages
-
Delete the private keys for both the certificate authority and the leaf certificate
-
Right click on the Leaf certificate and press 'Export'
-
Select the '.cer' file format
-
Export this and add it to your iOS project (ensuring it's target membership includes your main app)
-
Right click on the authority certificate and press 'Export'
-
Select the '.cer' file format
-
Export this to your project (it's good to keep it in source control) but do not add it to your app target
The leaf certificate is shipped with your application.
The authority certificate is what is installed on the device, and is what enables the SecTrustEvaluateWithError
call to succeed.
Using the Apple Configurator app, click on File and New Profile. Provide a name and other required details. Under Certificates, click Configure and select the CA certificate exported in step 19. This will generate a profile - you can name it anything.
There are numerous ways to install the profile onto a device. At Sidetrack, we store it in a secure Google drive where we can install it from their mobile app. Though while we've got it open, we'll do it in Configurator. Select your device and click Add. Select your profile and confirm.
Now this adds it to your phone's storage, but you must first install it for it to be trusted. Head to your iPhone Settings, General and then VPN & Device Management. Your custom profile should appear, in which case you can select it, tap Install, enter your passcode, tap Install again and you're done.
At this point the isDebugProfileInstalled
computed variable should start passing, and you can use it to unlock functionality in your app.
Using the CLI worked, made it harder for my monkey brain to mess up. Thanks!