How to implement mutual TLS authentication using a DER certificate chain

I'm new at security/certificates, etc, and am trying to understand how to establish an https session from iOS using mutual TLS. Everything I am finding so far is related to PKCS#12 certificates. In my case, the certificates I receive are in PEM format.
  • During the login sequence, an RSA 2048 keypair is generated and stored in the keychain, and a CSR is generated. The CSR, username and password are sent to an authorization server.

  • On successful authentication, a PEM file is returned that contains a client cert and a CA cert

  • The PEM is converted to DER format, SecCertificates are created, trust successfully evaluated, and both certificates are stored in the keychain

  • So, now I have these two certificates, and the keypair used to sign the CSR

My question now is, how can I obtain a SecIdentity from what I have in my keychain and use this to create a URLCredential?


Digital identities are made up of a certificate and the private key that matches the public key in that certificate. Digital identities don’t exist in the keychain as a distinct class of items. Rather, they are synthesised by matching a certificate to a private key. That matching is done by the public key hash, which is recorded in various attributes in the keychain. See this post for more advice on this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
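The following Swift is an added worked example of the flow the answer describes; it is not code from the original post, from Quinn, or from Apple's documentation. It stores the DER client certificate under a label of our own choosing (the label name `example.client.cert` and the error enum are assumptions), asks the keychain for the identity it synthesises from that certificate and the already-stored private key, checks that the identity really wraps the expected certificate, and hands it to URLSession as a URLCredential when the server sends a client-certificate challenge.

```swift
import Foundation
import Security

enum KeychainError: Error {
    case invalidCertificate
    case addFailed(OSStatus)
    case lookupFailed(OSStatus)
}

/// Add a DER-encoded client certificate to the keychain under a label.
/// The label is our own choice (assumption); it only exists so we can
/// find the synthesised identity again later.
func storeClientCertificate(derData: Data, label: String) throws -> SecCertificate {
    guard let cert = SecCertificateCreateWithData(nil, derData as CFData) else {
        throw KeychainError.invalidCertificate
    }
    let attrs: [String: Any] = [
        kSecClass as String: kSecClassCertificate,
        kSecValueRef as String: cert,
        kSecAttrLabel as String: label,
    ]
    let status = SecItemAdd(attrs as CFDictionary, nil)
    // A second login with the same certificate is not an error for us.
    guard status == errSecSuccess || status == errSecDuplicateItem else {
        throw KeychainError.addFailed(status)
    }
    return cert
}

/// Ask the keychain for the identity it synthesises from the labelled
/// certificate and the private key whose public key hash matches it.
/// The private key must already be in the keychain (the question says
/// the CSR's keypair was stored there).
func loadClientIdentity(label: String) throws -> SecIdentity {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecAttrLabel as String: label,
        kSecReturnRef as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let found = item else {
        // errSecItemNotFound here usually means the private key is missing
        // or its public key hash does not match the certificate.
        throw KeychainError.lookupFailed(status)
    }
    return found as! SecIdentity
}

/// Sanity check: the identity the keychain returned must wrap the exact
/// certificate we stored, not some other cert that happened to match.
func identityMatches(_ identity: SecIdentity, certificate expected: SecCertificate) -> Bool {
    var cert: SecCertificate?
    guard SecIdentityCopyCertificate(identity, &cert) == errSecSuccess, let found = cert else {
        return false
    }
    return (SecCertificateCopyData(found) as Data) == (SecCertificateCopyData(expected) as Data)
}

/// URLSession delegate that answers client-certificate challenges with the
/// identity, and sends the CA/intermediate certs alongside it so the server
/// can build the chain. Server-trust challenges are left to the system.
final class MutualTLSDelegate: NSObject, URLSessionDelegate {
    private let identityLabel: String
    private let chain: [SecCertificate]

    init(identityLabel: String, chain: [SecCertificate]) {
        self.identityLabel = identityLabel
        self.chain = chain
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        do {
            let identity = try loadClientIdentity(label: identityLabel)
            let credential = URLCredential(identity: identity, certificates: chain, persistence: .forSession)
            completionHandler(.useCredential, credential)
        } catch {
            // No usable identity: refuse rather than silently connecting unauthenticated.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Usage (clientDER and caCert come from the PEM-to-DER step in the question):
// let clientCert = try storeClientCertificate(derData: clientDER, label: "example.client.cert")
// let identity = try loadClientIdentity(label: "example.client.cert")
// precondition(identityMatches(identity, certificate: clientCert))
// let delegate = MutualTLSDelegate(identityLabel: "example.client.cert", chain: [caCert])
// let session = URLSession(configuration: .default, delegate: delegate, delegateQueue: nil)
```

If `loadClientIdentity` fails with errSecItemNotFound even though both the certificate and the key are present, the usual cause is the private key having been generated with the wrong attributes (for example without being saved as a keychain item), so the public key hash the answer mentions never gets recorded and the keychain cannot pair the two.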