How to use Client Certificate Authentication in iOS App

Question

I don't have a lot experience about Client Certificate Authentication. Anybody can tell me how to use it in iOS app? Thanks :)

Answer 1

Your NSURLConnection delegate should respond to the connection:didReceiveAuthenticationChallenge: delegate method (see link below).

http://developer.apple.com/library/ios/documentation/cocoa/reference/foundation/Classes/NSURLConnection_Class/Reference/Reference.html#//apple_ref/occ/instm/NSObject/connection:didReceiveAuthenticationChallenge:

It should respond by asking the challenge for its 'sender' and providing it with an appropriate credential.

Something like:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
  id sender = [challenge sender];

  // create a credential from a certificate
  // see doco for details of the parameters
  NSURLCredential *creds = [NSURLCredential credentialWithIdentity:ident certificates:certs persistence:persistence];

  [sender useCredential:creds forAuthenticationChallenge:challenge];
}

See the NSURLCredential class reference for details of how to create a credential based on a certificate:

Answer 2

Before using client certificates in your app (as already answered by Jake) you have to implement import of certificate within your app to your app keychain. (note you need to use PKCS#12 certificate format, but you need to register it in your app (search for exported UTIs and Document types) with different extension, other than ".p12", which is already registered by the iOS. I've used .x-p12 in my app)

Or you need to include the certificate with your app bundle.

See here: iOS Client Certificates and Mobile Device Management

and here: https://developer.apple.com/library/ios/qa/qa1745/_index.html