I am working on implementing a VPN app on iOS that uses the NEVPNManager API to set up an IPsec IKEv2 VPN.
The VPN server is strongSwan and the client is an iOS device.
The authentication method is certificate based, so during authentication the client sends its certificate to the server, and the VPN server sends its certificate to the client.
The VPN server certificate was signed by a custom root CA (i.e. one which is not in the default cert store), and in order to close the "chain of trust", the client must install the root CA that signed the VPN server certificate.
If I install the VPN root CA via a profile, everything works as expected. I don't even need to enable trust for the certificate manually via the Settings app; installing the certificate is probably enough.
My goal is to install the VPN root CA NOT via a profile, and as "silently" as I can.
What I have is the DER format string for the root CA certificate, and I added the certificate to the keychain using SecCertificateCreateWithData. First I converted the DER format string to Data. Then I converted this into a certificate using SecCertificateCreateWithData, and then added it to the keychain. It was added successfully. But at the time of VPN configuration setup it does not work, and it is not accepted as the certificate for authentication.
Any idea how to use that certificate for the IPsec IKEv2 authentication?
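
The keychain import steps described in the question, written out as an added example (not the poster's code). It assumes the "DER format string" is the Base64 encoding of the DER bytes; `importRootCA`, `CAImportError` and the `label` parameter are hypothetical names.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum CAImportError: Error {
    case notBase64              // the string could not be decoded to bytes
    case notDERCertificate      // the bytes are not a DER-encoded X.509 certificate
    case keychain(OSStatus)     // SecItemAdd failed with this status
}

// Assumption: `base64DER` is the Base64 text of the DER certificate,
// optionally wrapped in PEM "-----BEGIN/END CERTIFICATE-----" lines.
func importRootCA(base64DER: String, label: String) throws -> SecCertificate {
    // Drop PEM armor lines so only the Base64 body remains.
    let body = base64DER
        .split(whereSeparator: \.isNewline)
        .filter { !$0.hasPrefix("-----") }
        .joined()

    // Step 1: string -> Data.
    guard let der = Data(base64Encoded: body, options: .ignoreUnknownCharacters),
          !der.isEmpty else {
        throw CAImportError.notBase64
    }

    // Step 2: Data -> SecCertificate. The call returns nil when the bytes
    // are not a valid DER-encoded X.509 certificate.
    guard let certificate = SecCertificateCreateWithData(nil, der as CFData) else {
        throw CAImportError.notDERCertificate
    }

    // Step 3: store the certificate in the calling app's keychain.
    let attributes: [String: Any] = [
        kSecClass as String: kSecClassCertificate,
        kSecValueRef as String: certificate,
        kSecAttrLabel as String: label
    ]
    let status = SecItemAdd(attributes as CFDictionary, nil)

    // A second run finds the item already present; treat that as success.
    guard status == errSecSuccess || status == errSecDuplicateItem else {
        throw CAImportError.keychain(status)
    }
    return certificate
}
```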