Store and receive x509 certificate in iPhone keychain

Can a third-party application access the iPhone keychain to add an X509 certificate? If so, how can this be done?
If not, can it access the keychain for read-only certificates?

Basically, I need:
1) My application needs to access an https site that uses a certificate that is not signed by any trusted CA. When I try to connect via https, I get an exception.
2) It would be great if I could programmatically add a root certificate to the keychain; it would be enough if the user could access the site through Safari, accept its certificate and then access the site using my application.

So far, I have used the following interface to outperform https:

    @interface NSURLRequest (DummyInterface)
    + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
    + (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
    @end

but that’s not quite what I want.

Any suggestions?

+6
1 answer

This Apple document should provide enough material to allow and trust the self-signed certificate (or self-signed certificate authority) in the keychain. I have not tested this.

See also the top answer on this question. However, it does not seem to actually verify the validity of the certificate. Cocoanetics has also documented how to use NSURLConnection with self-signed certificates, and that also does not seem to validate.

So, you almost certainly want to follow Apple's instructions. The section "Extracting and evaluating an identifier from a *.P12 file" contains a complete example of how to import a certificate, even one protected by a passphrase.

Combine this with the AdvancedURLConnections example code and the ServerTrustChallengeHandler class, and you should be good to go.


Here is also a more complete example by Vanya Komadinovich.

+3
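
The server-trust check the answer points to, sketched as an added example (it is not code from the original answer or from Apple's samples). It validates the server's chain against a single bundled root instead of accepting any certificate. The names `PinnedRootDelegate`, `CopyBundledRoot`, `ServerTrustIsValid` and the file `MyRootCA.der` are hypothetical, and ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Assumption: the site's root certificate ships in the app bundle as the
// placeholder file "MyRootCA.der" (DER-encoded). Compile with ARC.
static SecCertificateRef CopyBundledRoot(void) {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"MyRootCA" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    return der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
}

// YES only if the server's chain validates against the bundled root.
static BOOL ServerTrustIsValid(SecTrustRef trust) {
    SecCertificateRef root = CopyBundledRoot();
    if (trust == NULL || root == NULL) {
        if (root) CFRelease(root);
        return NO;
    }
    NSArray *anchors = @[(__bridge id)root];
    BOOL ok = NO;
    // Accept our anchor only; system roots are ignored for this evaluation.
    if (SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors) == errSecSuccess &&
        SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess) {
        SecTrustResultType result = kSecTrustResultInvalid;
        if (SecTrustEvaluate(trust, &result) == errSecSuccess) {
            ok = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
        }
    }
    CFRelease(root);
    return ok;
}

@interface PinnedRootDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedRootDelegate
- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
    } else if (ServerTrustIsValid(space.serverTrust)) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:space.serverTrust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge]; // fail closed
    }
}
@end
```

The trust object handed over by the URL loading system already carries the SSL policy for the requested host, so the evaluation still checks the hostname and validity dates. `SecTrustEvaluate` is deprecated on current SDKs in favour of `SecTrustEvaluateWithError`.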

Source: https://habr.com/ru/post/915702/

