Since Apple is deprecating support for ACL on MacOS 10.15+, if we were to store private key - x509 cert in iOS style keychain using keychain access group, will Safari browser be able to recognize that and prompt for cert picker?
Thanks, Peter
Can Safari browser pick up x509 cert that is linked to ios style keychain on MacOS?
if we were to store private key - x509 cert in iOS style keychain using keychain access group, will Safari browser be able to recognize that and prompt for cert picker?
Not sure. To test this I would make sure that your private key and certificate are saved as an identity in the Keychain. Next, make sure the the client authentication challenge sends back the CA Names that match the issuing certificate that issued your leaf so they can be matched in the certificate picker.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Another thing to consider here; if your app adds an identity to the Keychain with ACL on the private key for your application, then Safari will not be able to access this identity.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com