终于发现了一个删除信任里残留证书的方法

之前用Shadowrocket的HTTPS解密需要导入证书功能,但是换iPhone X的时候,恢复备份之后发现证书所依赖的描述文件没有被恢复过来,但是信任证书居然还残留在里面删不掉,虽说忽略掉不打开信任开关也没问题,但是比较还是会逼死强迫症的。翻查网络和询问作者都一直误解,终于今天在Telegram上面Shadowrocket的作者推送了这个链接,问题终于得到了解决!

https://apple.stackexchange.com/questions/300203/how-can-i-delete-a-certificate-that-got-restored-from-a-backup-under-ios-10-11

With iOS, certificates are installed as part of profiles. Deleting a certificate means removing the profile.

When an iPhone with profiles is backed up, and then the backup is restored to a new device, the profiles are no longer visible under Settings > General > Profiles. So, they can’t be deleted via the usual way.

The certificates however get restored to the device. One can see them e.g. under Settings > General > About > Certificate Trust Settings.

Hence my question: How can these certificates be deleted from the device?

I found a certificate in my iOS device’s Certificate Trust Settings. And it was not be found in Profiles. Finally I remove it by add the cert file again, and then I can found and remove it in Profiles.

At first, I can’t found the cert file, because this CA was installed years ago. So I did these things:

Backup iPhone to Mac, View backup file by some software (I used iMazing)
Find TrustStore.sqlite3 in Backup/KeychainDomain/ and export it to HOME DIR.
Use this project https://github.com/ADVTOOLS/ADVTrustStore to export certfile

./iosCertTrustManager.py -t ~/TrustStore.sqlite3 -e ~/foo.crt
Airdrop or Email this crt file to iOS device, and install it.
Find it in Settings > General > Profiles and Remove it.
It disappear in “Certificate Trust Settings”
Done.

 

《终于发现了一个删除信任里残留证书的方法》上有1条评论

  1. 其实只需要在“通用-关于-描述文件”里面删除了相关文件,证书也就跟着一起删除了。

发表评论

电子邮件地址不会被公开。 必填项已用*标注