This post assumes the user is using a Macintosh running 10.5.x or greater. It will still work with Linux or other Unix OS’s, but you’ll need to do some digging to get the proper commands. This way is all GUI driven.
- Have access to a computer running ≥10.5.x
- Have a self signed certificate your web server is using for SSL
- Have configured WordPress to require SSL for XMLRPC and Login (using “define(‘FORCE_SSL_ADMIN’, true);”) (Admin over SSL).
Assuming all of this, the process is not too difficult.
The basic gist is that you need to create a Certificate Authority, and then sign your SSL web cert with this CA. Once you’ve done that, you can then take the CA certificate, and email it to your iphone, and install it there.
So basically, you need to create a CSR (Certificate Signing Request) from your SSL cert you’re using on your webserver. If you’re using Mac OS Server 10.4 or greater, you can do this in Server Admin very easily. If you’re not, then you need to do some command line magic.
Something like this here: http://sial.org/howto/openssl/csr/
Once you have that CSR, you then can go into Keychain Access on your mac, and under the “Keychain Access” menu, go to “Certificate Assistant” and say “Create a Certificate Authority…”. Walk through that wizard, and most of the defaults are fine. You’ll want to put in your name, email, etc.
Once that’s done, you can go back into Certificate Assistant, and say “Create a Certificate for Someone Else as a Certificate Authority…”. This basically will sign your certificate. It’s like a self-signed certificate, only you actually have the CA cert to “trust”. Walk through that, though you may have to change the defaults for what the certificate is for.
Once you’ve done that, you’ll need to use this new certificate, as your SSL certificate. You do that by exporting the SSL cert as a .pem, and then replacing your public SSL cert with this one. Restart your web server, and you should have a signed cert. Assuming you trusted your own CA, you also shouldn’t get any warning about it being untrusted.
Now, once that’s done, you can export the public CA cert, as a .crt, and email than to your iphone. Once you get that, you can click it, choose to install the profile, and you’re done. The wordpress app should now work.
Please contact me if none of this makes sense, or if you need additional info. I was going to put up screen shots, but that just delayed me posting this. Which I wanted to get done.
Have a great rest of the week, and weekend!