diff --git a/gRPC.podspec b/gRPC.podspec
index 654f613f1c285eadb9f749e63ea57acd17d2e47c..562b797eaffac71fcef50a4cb905f6beec130caf 100644
--- a/gRPC.podspec
+++ b/gRPC.podspec
@@ -24,9 +24,9 @@ Pod::Spec.new do |s|
 
   s.subspec 'C-Core' do |cs|
     cs.summary  = 'Core gRPC library, written in C'
-  	cs.authors = { 'Craig Tiller'   => 'ctiller@google.com',
-  		           'David Klempner' => 'klempner@google.com',
-  		           'Nicolas Noble'  => 'nnoble@google.com',
+    cs.authors = { 'Craig Tiller'   => 'ctiller@google.com',
+                   'David Klempner' => 'klempner@google.com',
+                   'Nicolas Noble'  => 'nnoble@google.com',
                    'Vijay Pai'      => 'vpai@google.com',
                    'Yang Gao'       => 'yangg@google.com' }
 
@@ -63,4 +63,7 @@ Pod::Spec.new do |s|
   CMD
 
   s.xcconfig = { 'HEADER_SEARCH_PATHS' => '"$(PODS_ROOT)/Headers/Public/gRPC/include"' }
+
+  # Certificates, to be able to establish TLS connections:
+  s.resource_bundles = { 'gRPC' => ['etc/roots.pem'] }
 end
diff --git a/src/objective-c/GRPCClient/private/GRPCChannel.m b/src/objective-c/GRPCClient/private/GRPCChannel.m
index d998a1f32ef57b0595385180c8e11088de38f863..91f2aac40eb2c6493547e4eb3c934c2dbc44407b 100644
--- a/src/objective-c/GRPCClient/private/GRPCChannel.m
+++ b/src/objective-c/GRPCClient/private/GRPCChannel.m
@@ -50,11 +50,14 @@
 }
 
 - (instancetype)initWithHost:(NSString *)host {
+  if (![host containsString:@"://"]) {
+    host = [@"https://" stringByAppendingString:host];
+  }
   NSURL *hostURL = [NSURL URLWithString:host];
   if (!hostURL) {
     [NSException raise:NSInvalidArgumentException format:@"Invalid URL: %@", host];
   }
-  if (!hostURL.scheme || [hostURL.scheme isEqualToString:@"https"]) {
+  if ([hostURL.scheme isEqualToString:@"https"]) {
     return [[GRPCSecureChannel alloc] initWithHost:host];
   }
   if ([hostURL.scheme isEqualToString:@"http"]) {
@@ -73,8 +76,12 @@
 }
 
 - (void)dealloc {
-  // TODO(jcanizales): Be sure to add a test with a server that closes the connection prematurely,
-  // as in the past that made this call to crash.
-  grpc_channel_destroy(_unmanagedChannel);
+  // _unmanagedChannel is NULL when deallocating an object of the base class (because the
+  // initializer returns a different object).
+  if (_unmanagedChannel) {
+    // TODO(jcanizales): Be sure to add a test with a server that closes the connection prematurely,
+    // as in the past that made this call to crash.
+    grpc_channel_destroy(_unmanagedChannel);
+  }
 }
 @end
diff --git a/src/objective-c/GRPCClient/private/GRPCSecureChannel.m b/src/objective-c/GRPCClient/private/GRPCSecureChannel.m
index a12a1a8c17bb01580aabefda2038bc21de791ccc..5ed788347c7cda9462a22c9d155d67700d9f639f 100644
--- a/src/objective-c/GRPCClient/private/GRPCSecureChannel.m
+++ b/src/objective-c/GRPCClient/private/GRPCSecureChannel.m
@@ -35,11 +35,36 @@
 
 #import <grpc/grpc_security.h>
 
+static const char *kCertificates =
+"# Issuer: CN=GTE CyberTrust Global Root O=GTE Corporation OU=GTE CyberTrust Solutions, Inc.\n"
+"# Subject: CN=GTE CyberTrust Global Root O=GTE Corporation OU=GTE CyberTrust Solutions, Inc.\n"
+"# Label: \"GTE CyberTrust Global Root\"\n"
+"# Serial: 421\n"
+"# MD5 Fingerprint: ca:3d:d3:68:f1:03:5c:d0:32:fa:b8:2b:59:e8:5a:db\n"
+"# SHA1 Fingerprint: 97:81:79:50:d8:1c:96:70:cc:34:d8:09:cf:79:44:31:36:7e:f4:74\n"
+"# SHA256 Fingerprint: a5:31:25:18:8d:21:10:aa:96:4b:02:c7:b7:c6:da:32:03:17:08:94:e5:fb:71:ff:fb:66:67:d5:e6:81:0a:36\n"
+"-----BEGIN CERTIFICATE-----\n"
+"MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD\n"
+"VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv\n"
+"bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv\n"
+"b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV\n"
+"UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n"
+"cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n"
+"b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH\n"
+"iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS\n"
+"r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4\n"
+"04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r\n"
+"GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9\n"
+"3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P\n"
+"lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/\n"
+"-----END CERTIFICATE-----\n";
+
+
 @implementation GRPCSecureChannel
 
 - (instancetype)initWithHost:(NSString *)host {
   // TODO(jcanizales): Get the certificates here.
-  grpc_credentials *credentials = grpc_ssl_credentials_create(NULL, NULL);
+  grpc_credentials *credentials = grpc_ssl_credentials_create(kCertificates, NULL);
   return (self = [super initWithChannel:grpc_secure_channel_create(credentials,
                                                                    host.UTF8String,
                                                                    NULL)]);