Hi
Goal: to build smoothest VPN user experience (1 tap) 🙂
I am attempting to build a VPN client for iOS using certificate-based authentication. Authentication on the server side is successful. However, if I open the console to the test device, I see this error:
failed to retrieve remote CA cert data by CN (Let’s Encrypt Authority X3)
Which is odd, because we are using Let's Encrypt certs, of which the root (ISRG Root X1) is inherently trusted by iOS. How can I verify this cert programmatically so that the user can connect?
I tried:
import Foundation
import Security

func installRootCertificate() -> Bool {
    // Load the DER-encoded CA certificate shipped in the app bundle.
    guard let rootCertPath = Bundle.main.path(forResource: "server", ofType: "der"),
          let rootCertData = NSData(contentsOfFile: rootCertPath),
          let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData) else {
        print("Could not load root certificate from bundle")
        return false
    }

    // Add the certificate to the app's keychain.
    let attributes: [String: Any] = [
        kSecClass as String: kSecClassCertificate,
        kSecValueRef as String: rootCert
    ]
    let error = SecItemAdd(attributes as CFDictionary, nil)

    if error == errSecSuccess {
        print("Installed root certificate successfully")
        return true
    } else if error == errSecDuplicateItem {
        print("Duplicate root certificate entry")
    } else {
        print("Install root certificate failure: \(error)")
    }
    return false
}
Thanks so much!
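As an added example (not the asker's code and not part of the original post), here is one way to verify a server certificate chain programmatically with SecTrust instead of inserting the CA into the keychain with SecItemAdd. It assumes the app bundle contains a DER-encoded CA certificate named "server.der" (the file name used in the question) and, for the driver at the end, the server's leaf certificate as "leaf.der"; both file names and the host string are placeholders chosen for this example. With no anchor passed, evaluation falls back to the system root store, which is the path that applies to a publicly trusted CA such as Let's Encrypt.

```swift
import Foundation
import Security

// Added example, not from the original post: verify a server's certificate
// chain with SecTrust. File names "server.der"/"leaf.der" are assumptions.

enum CertCheckError: Error {
    case resourceMissing(String)
    case malformedCertificate(String)
    case trustCreationFailed(OSStatus)
    case anchorSetupFailed(OSStatus)
}

/// Loads one DER-encoded certificate from the app bundle.
func loadBundledCertificate(named name: String) throws -> SecCertificate {
    guard let url = Bundle.main.url(forResource: name, withExtension: "der") else {
        throw CertCheckError.resourceMissing(name)
    }
    let data = try Data(contentsOf: url)
    guard let cert = SecCertificateCreateWithData(nil, data as CFData) else {
        throw CertCheckError.malformedCertificate(name)
    }
    return cert
}

/// Evaluates `chain` (leaf first, then any intermediates) for `host`.
/// If `anchor` is given, only chains terminating at that certificate pass and
/// the system root store is ignored; otherwise the system roots are used.
/// Returns nil on success, otherwise the error describing why the chain failed.
func evaluateServerChain(_ chain: [SecCertificate],
                         host: String,
                         anchor: SecCertificate? = nil) -> Error? {
    // TLS server policy: validity period, hostname match, EKU and chain building.
    let policy = SecPolicyCreateSSL(true, host as CFString)

    var trust: SecTrust?
    let status = SecTrustCreateWithCertificates(chain as CFArray, policy, &trust)
    guard status == errSecSuccess, let trust = trust else {
        return CertCheckError.trustCreationFailed(status)
    }

    if let anchor = anchor {
        // Pin evaluation to the bundled CA only.
        let anchorStatus = SecTrustSetAnchorCertificates(trust, [anchor] as CFArray)
        guard anchorStatus == errSecSuccess else {
            return CertCheckError.anchorSetupFailed(anchorStatus)
        }
        _ = SecTrustSetAnchorCertificatesOnly(trust, true)
    }

    var error: CFError?
    if SecTrustEvaluateWithError(trust, &error) {
        return nil
    }
    // The CFError carries the concrete reason (expired, hostname mismatch,
    // untrusted root, ...), which is more useful than a bare "failure".
    return error
}

/// Example driver: checks the bundled leaf against the bundled CA for `host`.
func checkBundledServerCertificate(host: String) -> Bool {
    do {
        let leaf = try loadBundledCertificate(named: "leaf")
        let ca = try loadBundledCertificate(named: "server")
        if let error = evaluateServerChain([leaf], host: host, anchor: ca) {
            print("Chain rejected: \(error)")
            return false
        }
        print("Chain accepted for \(host)")
        return true
    } catch {
        print("Could not load certificates: \(error)")
        return false
    }
}

// Usage (hostname is a placeholder):
// _ = checkBundledServerCertificate(host: "vpn.example.com")
```

Returning the CFError rather than a Bool is deliberate: when evaluation fails, its description states which check failed, which is the detail needed to tell a missing intermediate apart from a hostname mismatch or an expired certificate.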