How to install CA root certificate from app on iOS and entice user to trust?

I am using NEVPNManager to create a personal VPN for my iOS app that is running. Now I am trying to install a root CA certificate which can be used by all applications. I understand that the user will need to trust this certificate under General → About → Certificate Trust Settings. I am trying to automate as much of this process as possible. The two ways I've found to do this are either:

1) Open Safari with the URL of the root certificate hosted on the website and iOS will prompt the user to install the certificate as a profile.

2) Install the certificate programmatically in the application.

Option #1 works, but after the user installs the certificate, they are not returned to the application and still have to manually connect and trust the certificate in the Certificate Trust Settings.

With option #2, if SecItemAdd is used, it is only added to the sandbox keychain for my application and is not available to other applications. The only option I have seen, if available to other apps, is to increase the trust level as shown here, but it seems to require an old open source library from Apple that I was unable to build.

So what is the best option for performing a root certificate installation and getting the user to trust it? If this is possible via #2, any ideas how I build and then include this library in my application? If I'm left with #1, how can you simplify the process for the user?

IOS Certificate Trust Settings

+3




1 answer


SecTrustSettingsSetTrustSettings and the associated symbols are private API, and your app will be rejected by Apple on submission. Even if you manage to compile this open source, it will still export private symbols and your application will be rejected.

Instead, you have to use the openURL: API and point to a .p12 file hosted locally (using a web server in the application) or on a remote machine. The .p12 file must contain the certificate chain.



This will open the Settings app and ask the user to install a certificate. Once the user installs it, all applications on the device will trust it.

+4

