Posts

Post not yet marked as solved
13 Replies
Thank you for your response! I would like to inquire further about what you meant by ATS being disabled when we use a custom CA. When we use our server certificate signed by our custom CA, TLS is definitely in use (invalidly signed or configured server certificates cause TLS errors, while valid certificates work fine). Besides TLS, what other security features are provided by ATS that we would have to forgo if we use a custom CA for our server certificate?
We have NSAppTransportSecurity, since we have NSPinnedDomains and NSPinnedCAIdentities for our server domain and our custom CA certificate. Regardless, is your recommended solution to this to have the server bear a certificate signed by a trusted CA like DigiCert, and then we can have our own custom PKI for our client auth scheme, since we want to at least control the client CA?
Yes, that is correct.
Sorry, I'm a little confused. We have been using our custom CA for a while and in our plist file, in NSAppTransportSecurity, we do not have any exceptions enabled and have NSAllowsArbitraryLoads as false. Is that not enough to have ATS considered enabled? Because SSL verification is definitely happening: when an incorrectly configured server certificate is presented, we have SSL verification errors. We're only encountering issues now when we want certificate revocation.
We want to use a custom PKI for both client/server authentication in a sensitive application where we want to control the processes (we don't want an externally hosted CA). We are developing in-house all the parts of the PKI, including an OCSP responder, and we have gotten our custom certificates to work on our iOS app. The only part we don't have is getting the iOS app to check for certificate revocation.
Yes, that is all correct.