3

I am working on an HTTPSClient for iOS. I have a CA certificate in DER format in my application in order to perform Trust & Evaluation. Unfortunately, I am not able to load the certificate with SecCertificateCreateWithData. My caRef stays nil and I do not get an error message.

(I export my CA certificate from a Windows server.)

certDataRef always has some bytes.

I also stumbled across "Created a certificate using SecCertificateCreateWithData on iOS" and "iPhone Simulator custom CA certificate". Is it true that iOS requires some certificate attributes/extensions? Or do I just have to run this on a device instead of the simulator?

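NSData *derCA = [NSData dataWithContentsOfFile:caDerFilePath];
if (!derCA) {
    return nil;
}

// __bridge_retained hands a +1 reference to Core Foundation; balanced by CFRelease below.
CFDataRef certDataRef = (__bridge_retained CFDataRef)derCA;
// Returns NULL when the bytes are not a DER-encoded X.509 certificate.
SecCertificateRef caRef = SecCertificateCreateWithData(kCFAllocatorDefault, certDataRef);
CFRelease(certDataRef);
if (!caRef) {
    return nil;
}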
peterh
midori

2 Answers

1

If you have a DER-formatted cert, you can do the following two steps and SecCertificateCreateWithData will work.

  1. Convert the DER to PEM. Use the command: openssl x509 -in urcert.der -inform DER -out urcert.pem -outform PEM
  2. In the PEM-formatted cert you will have ---BEGIN CERT ---- and ---- END CERT ---, which you have to strip off. You can use a command like this to get rid of the first and last line: tail -n +2 urcert.pem | head -n -1 > urcert.pem.new && mv urcert.pem.new urcert.pem

Now you can execute the code you had to load the cert and feed it to SecCertificateCreateWithData.

JabberwockyDecompiler
0

I had a similar problem, and in my case the certificate file data was in base64 format. While this worked perfectly on Android and Windows, I had to decode the base64 string into a byte array and save the file in binary format to make it work with iOS.

chejaras
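
Both answers turn on which bytes actually reach SecCertificateCreateWithData, which takes the DER representation of an X.509 certificate and returns NULL for anything else. The following is an added example, not code from the question or either answer: it normalises a single-certificate file that may be raw DER, PEM, or bare base64 into DER before creating the certificate. The helper names DERDataFromCertificateFile and CreateCACertificate are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the page): returns DER bytes for a file that
// holds one certificate as raw DER, PEM, or bare base64 text.
static NSData *DERDataFromCertificateFile(NSString *path) {
    NSData *raw = [NSData dataWithContentsOfFile:path];
    if (raw.length < 2) {
        return nil;
    }
    // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    // Base64 of such data starts with 'M' and PEM starts with '-', so this
    // check does not mistake either text form for binary.
    if (((const uint8_t *)raw.bytes)[0] == 0x30) {
        return raw;
    }
    NSString *text = [[NSString alloc] initWithData:raw encoding:NSASCIIStringEncoding];
    if (!text) {
        return nil;
    }
    // Drop the "-----BEGIN ...-----" / "-----END ...-----" lines if present.
    NSMutableString *base64 = [NSMutableString string];
    for (NSString *line in [text componentsSeparatedByCharactersInSet:
                                     [NSCharacterSet newlineCharacterSet]]) {
        if (![line hasPrefix:@"-----"]) {
            [base64 appendString:line];
        }
    }
    // Skip stray whitespace and other non-base64 characters while decoding.
    return [[NSData alloc] initWithBase64EncodedString:base64
                                               options:NSDataBase64DecodingIgnoreUnknownCharacters];
}

// Follows the Create Rule: the caller owns the result and must CFRelease it.
static SecCertificateRef CreateCACertificate(NSString *path) {
    NSData *der = DERDataFromCertificateFile(path);
    if (!der) {
        NSLog(@"%@: could not read as DER, PEM, or base64", path);
        return NULL;
    }
    SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault,
                                                          (__bridge CFDataRef)der);
    if (!cert) {
        // NULL here means the decoded bytes are not a valid X.509 certificate.
        NSLog(@"%@: %lu bytes decoded, but not a valid X.509 certificate",
              path, (unsigned long)der.length);
    }
    return cert;
}
```

Logging the two failure points separately shows whether the file could not be decoded at all or decoded to bytes that are not a certificate, which the question's code reports identically as nil.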