1

I've read this question on stackoverflow so I knew I can't read an installed certification in configuration profile from an app.

Here's what I've tried:

  1. Copy the certificate (.p12) which is self-signed from my macbook through AirDrop.
  2. Then iPhone will asked me to install it, so I installed.
  3. Now I can see the certificate in Settings->General->Profiles & Device Management, but in the profile there are red words Not Verified below Signed by. I guess it is because the certificate is self-signed.
  4. I develop an app that use [NSURLSession dataTaskWithURL: ...] to request an web page, without [URLSession: didReceiveChallenge: ...].
  5. The app got error Code=-1202 "The certificate for this server is invalid.", which is the same error I got before I installed the certificate.

UPDATE: I tried it again and I noticed that the certificate I got is not signed, maybe this is the real reason why I failed and the profile shows not verified? Maybe I should ask my colleague who give me this certificate.

What I need is to copy a self-signed certificate (.p12) from my OSX into my iPhone/iPad and then develop an app to read it as a credential when calling a web API.

Since each authorized user will get different certificates, I can't just put the certificate in the app's main bundle.

I know I can download a certificate through an app (maybe with some authorized token), but since the server hasn't developed this api yet, I need to copy certificate manually when I test my app.

Can someone teach me how to copy the certificate and read it from my develop app.

Thanks for your help :)

Griiid
  • 21
  • 3
  • If this is just a temporary solution for debug reasons until the API is done, how I understand, why not just add the certificate file to the Xcode project/bundle? If you need it to be on the actual device, you cn simply send it by email, open it on the device, add and trust it within the iOS settings app. – shallowThought May 22 '17 at 11:03
  • Hi @shallowThought , thank you for your reply. I did send it by email and added into configuration profile, but as I mentioned, I can't read certificate in configuration profile from app, do you have other suggestions about this?. I also tried use `[NSURLSession dataTaskWithURL: ...]` to request an web page with the certificate in configuration profile, without implement `[URLSession: didReceiveChallenge: ...]`, it still return error (Code=-1202 "The certificate for this server is invalid.") – Griiid May 23 '17 at 01:51
  • Did you trust it on the device? – shallowThought May 23 '17 at 09:53
  • Yes, I installed it, I can see it in my `Settings->General->Profiles & Device Management`. I used air drop to copy the certificate from my macbook. – Griiid May 23 '17 at 10:02
  • After installing it, you also have to trust it explicitly. It than says "trusted" and (I think) has a green checkmark. MAybe update your question with the new information (What is added/trusted, how, what exact code gives you which exact error). – shallowThought May 23 '17 at 10:05
  • Hi @shallowThought, thanks a lot. I've update my question to tell what have I tried with the installed certificate. I guess it was because the certificate is **self-signed**, I can't get a green check-mark on it. – Griiid May 23 '17 at 10:26

1 Answers1

0

I just tested this:

  • Create a self signed certificate. Enter a pass-phrase and leave everything else empty:

    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

  • Send it to yourself via e-mail

  • Open the e-mail on the iOS device and open the attached cert.pem file

  • In the opened settings menu, click install:

  • Type in your devices pass code

  • Confirm by clicking install.

-> Result: trusted certificate:

shallowThought
  • 19,212
  • 9
  • 65
  • 112
  • hmm... I tried it again and I noticed that the certificate I got is **not signed**, maybe this is the real reason why I failed and the profile shows **not verified**? Maybe I should ask my colleague who give me this certificate. – Griiid May 23 '17 at 12:11
  • That makes sense to me. – shallowThought May 23 '17 at 13:23