How to fetch the installed Certificates in iOS

Hello,


I want to get the certificates installed in profiles on iOS. Currently we are fetching the available certificates from the Mac Keychain like below. Is there something like this on iOS?


Thank you!


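    OSStatus status;
    SecKeychainSearchRef search = NULL;

    // Search the default keychain search list for all certificate items (macOS only).
    status = SecKeychainSearchCreateFromAttributes(NULL,
                                                   kSecCertificateItemClass, NULL, &search);

    if (status != errSecSuccess) {
        [self logMessageForStatus:status
                     functionName:@"SecKeychainSearchCreateFromAttributes()"];
        return nil;
    }

    SecKeychainItemRef searchItem = NULL;

    // Stop on any non-success status, not only errSecItemNotFound,
    // so an unexpected error cannot spin the loop forever.
    while (SecKeychainSearchCopyNext(search, &searchItem) == errSecSuccess) {
        SecKeychainAttributeList attrList;
        CSSM_DATA certData;
        // The API writes a 32-bit length; CSSM_DATA.Length is wider on 64-bit,
        // so receive it in a UInt32 and copy it over afterwards.
        UInt32 certLength = 0;

        attrList.count = 0;
        attrList.attr = NULL;
        certData.Data = NULL;

        status = SecKeychainItemCopyContent(searchItem, NULL, &attrList,
                                            &certLength,
                                            (void **)(&certData.Data));
        certData.Length = certLength;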

Replies

is there something like this iOS?

Probably not, but it kinda depends on what you mean by “certificate”. A configuration profile has four certificate types:

  • com.apple.security.root (A)
  • com.apple.security.pkcs1 (B)
  • com.apple.security.pem (C)
  • com.apple.security.pkcs12 (D)

On iOS, type A — and types B and C, if they are root certificates — go into the trust store, not the keychain. There is no API to get at the trust store, but you can see its effect indirectly (via trust evaluation).

Type D — and types B and C, if they are not root certificates — go into the keychain. Types B and C result in a kSecClassCertificate entry, and type D results in both kSecClassCertificate and kSecClassKey entries, typically accessed via kSecClassIdentity (remember that a digital identity is the combination of a certificate and the private key that matches the public key in that certificate). Such credentials are not directly accessible to third-party apps; QA1745 Making Certificates and Keys Available To Your App explains the background to this.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
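
The two things an iOS app can do, per the reply above, shown as an added example that is not code from the original thread or from Apple: enumerate the certificates in its own keychain access groups (profile-installed credentials will not appear), and observe the trust store only indirectly through trust evaluation. The function names CopyAppCertificateSummaries and IsChainTrusted are hypothetical; the code assumes ARC and iOS 12 or later.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: subject summaries of every certificate this app can see.
// Only items in the app's own keychain access groups are returned; certificates
// installed by a configuration profile are not visible here.
static NSArray<NSString *> *CopyAppCertificateSummaries(OSStatus *outStatus) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:      (__bridge id)kSecClassCertificate,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
        (__bridge id)kSecReturnRef:  @YES,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus != NULL) { *outStatus = status; }
    if (status == errSecItemNotFound) { return @[]; }  // empty keychain is not an error
    if (status != errSecSuccess) { return nil; }

    NSArray *certs = CFBridgingRelease(result);        // array of SecCertificateRef
    NSMutableArray<NSString *> *summaries = [NSMutableArray array];
    for (id item in certs) {
        SecCertificateRef cert = (__bridge SecCertificateRef)item;
        NSString *summary = CFBridgingRelease(SecCertificateCopySubjectSummary(cert));
        [summaries addObject:summary ?: @"(no subject summary)"];
    }
    return summaries;
}

// Hypothetical helper: the trust store cannot be listed, but its effect shows up
// here. A chain that ends in a profile-installed root (types A, B, C) evaluates
// as trusted even though that root is not returned by the query above.
static BOOL IsChainTrusted(NSArray *certChain, NSString *hostname, NSError **outError) {
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)hostname);
    SecTrustRef trust = NULL;
    OSStatus status = SecTrustCreateWithCertificates((__bridge CFArrayRef)certChain,
                                                     policy, &trust);
    CFRelease(policy);
    if (status != errSecSuccess) {
        if (outError) { *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                                        code:status userInfo:nil]; }
        return NO;
    }
    CFErrorRef cfError = NULL;
    bool trusted = SecTrustEvaluateWithError(trust, &cfError);
    CFRelease(trust);
    NSError *evalError = CFBridgingRelease(cfError);   // nil when evaluation succeeded
    if (outError) { *outError = evalError; }
    return trusted ? YES : NO;
}
```

The certChain argument is an array of SecCertificateRef values with the leaf first, for example the chain taken from a server trust object in a URLSession authentication challenge.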