Given access to the device, I find it much easier and simpler to install my own Certificate Authority than to decompile and modify the IPA.

The CA can also be provided in a .mobileprofile, installable through email.

It also validates as a legitimate certificate, unless the app is looking for a particular certificate, which I think is rare.