5 Replies
      Latest reply: Oct 12, 2016 4:23 AM by eskimo RSS
      Sanjay Pandit Level 1 Level 1 (0 points)

        I am creating an iPhone app where we want to use x.509 certificates for client authentication. Jut i want to get list of alll certificates from iPhone/iPad  certificates are available under (Settings/General/Device Management/Digital Workspace/certificate)


        1. Is it possible? does apple allow to get certificate list ? if yes, how can i get this?



        Thanks,

        Sanjay

        • Re: How to get Certificates list from iOS device?
          RLKingSoftware Level 3 Level 3 (485 points)

          Not possible. do not waste your time. All apps are sandboxed and only have access to their

          data and any system data shared via Apple's APIs.

            • Re: How to get Certificates list from iOS device?
              Sanjay Pandit Level 1 Level 1 (0 points)

              Thanks for your response on this..

               

              One more question.. Is there any way to check certificate is installed on deveice? certificate name will be constant.

               

              Thanks,

              Sanjay

                • Re: How to get Certificates list from iOS device?
                  eskimo Apple Staff Apple Staff (7,005 points)

                  First, some clarifications:

                  • Given that you’re talking about “client authentication” earlier, I presume you’re talking about digital identities rather than certificates.

                    Note A digital identity is the combination of a private key and a certificate that contains the public key that matches that private key, and is what you need to present on the client side if you want the server to authenticate the client.

                  • It seems that you care about digital identities installed via MDM.  Credentials installed that way are placed in an Apple keychain access group and, as such, are only accessible to Apple apps.  QA1745 Making Certificates and Keys Available To Your App discusses this in more detail.

                  Is there any way to check [whether a digital identity] is installed on [the device]?

                  Not in general.

                  If you post some more information about your overall goal, I may be able to offer more suggestions.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: How to get Certificates list from iOS device?
                      ramonlee Level 1 Level 1 (0 points)

                      Hi Eskimo,

                       

                      I want to achieve the similar.

                      How do I display a list of pfx digital identidy from iOS --> Settings.

                       

                      If i were to open the app using Mobile safari browser it will prompt me to choose the client certificate, i want to achieve the similar using WKWebview.

                      Is this even possible.

                       

                      In addition i have tried to use SafariViewController, this has an unexpected behavior.

                      If i installed the .pfx digital identidy and restart my phone the the single sing on will work, but if i don't restart the phone, the single sign on will not work.

                      Similar when i try to uninstall the .pfx digital identity, and launch the SafariViewController, the single sign on still works until i have restarted my phone.

                       

                      Your response is much appreciated.

                       

                      I have found further details to describe the same problem

                      http://stackoverflow.com/questions/34079135/how-to-clear-sfsafariviewcontroller-credentials

                       

                      Regards,

                      Ramon

                        • Re: How to get Certificates list from iOS device?
                          eskimo Apple Staff Apple Staff (7,005 points)

                          How do I display a list of pfx digital identidy from iOS --> Settings.

                          From inside your app?  In general you can’t.  QA1745 Making Certificates and Keys Available To Your App explains the background to this.

                          If i were to open the app using Mobile safari browser it will prompt me to choose the client certificate, i want to achieve the similar using WKWebView.

                          WKWebView will pass you authentication challenges via the -webView:didReceiveAuthenticationChallenge:completionHandler: navigation delegate callback and, in general, you can handle authentication by responding to those challenges.  However, this does not work in the case of client identity authentication challenges (NSURLAuthenticationMethodClientCertificate).  You get the authentication challenge but, when you respond, the response is ineffective.  We’re tracking this issue as a bug (r. 22659960).

                          The only workaround is to use UIWebView with a custom NSURLProtocol subclass, as illustrated by the CustomHTTPProtocol sample code.  There are, however, multiple drawbacks:

                          • It’s a bit of a hack.

                          • It’s a bunch of complex code.

                          • WKWebView is the modern replacement for UIWebView, so using UIWebView seems like a backward step.

                          In addition, you still have the problem I discussed above, namely, getting the required identities into your app’s ‘slice’ of the keychain.

                          In addition i have tried to use SafariViewController, this has an unexpected behavior.

                          In contrast to WKWebView, SafariViewController is meant to act Just Like Safari™.  As such, it does have access to the Apple ‘slice’ of the keychain.  And it sounds like that works, modulo a restart or two (-;

                          With regards the requirement to restart, IMO that’s a bug and you should file it as such.  Please post your bug number, just for the record.

                          All other things being equal, I think you’d be better off doing this via SafariViewController, and living with the restart issue, than trying to use the UIWebView hackaround.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"