Reputation: 5913
How do I add a self-signed root certificate authority to a device?
How do I install a root certificate authority on a device?
The certificate is only needed for my app, and can be installed in its sandbox if possible.
It works when I drag the certificate onto the simulator and install it, but not using the following code:
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "der")!
let rootCertData = NSData(contentsOfFile: rootCertPath)!
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData).takeRetainedValue()
let error = SecItemAdd(
[
NSString(format: kSecClass): NSString(format: kSecClassCertificate),
NSString(format: kSecValueRef): rootCert
], nil)
SecItemAdd returns with no errors, and seems to be installed on the device correctly, but it still fails to connect to the server with with the error:
NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
Code for connecting to server:
let request = NSURLRequest(URL: NSURL(string: "https://" + server + ":" + port)!)
let session = NSURLSession(configuration: .defaultSessionConfiguration())
session.dataTaskWithRequest(request, completionHandler:
{(data, response, error) in
println(error)
}).resume()
error prints the following:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid.
But again, if I manually install the same certificate in the simulator's profiles, it connects just fine.
Upvotes: 3
Views: 1176
Answers (1)
Reputation: 5913
This is not safe and does not require the certificate
Managed to get this working using sockets (NSStream and CFStream).
The important thing to note is that I needed to disable kCFStreamSSLValidatesCertificateChain for my certificate to work.
class Authentication: NSObject, NSStreamDelegate
{
private var inputStream: NSInputStream?
private var outputStream: NSOutputStream?
func connectToServer(server: String, port: Int)
{
let sslSettings =
[
NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse
]
NSStream.getStreamsToHostWithName(server, port: port, inputStream: &inputStream, outputStream: &outputStream)
CFReadStreamSetProperty(inputStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelTLSv1)
CFReadStreamSetProperty(inputStream, kCFStreamPropertySSLSettings, sslSettings)
inputStream!.delegate = self
outputStream!.delegate = self
inputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
inputStream!.open()
outputStream!.open()
}
}
Helpful links:
iOS: Pre install SSL certificate in keychain - programmatically
Overriding TLS Chain Validation Correctly
Toll-free bridging and pointer access in Swift
Adding a self-signed certificate to iphone Simulator?
Upvotes: 1
Related Questions
- Adding a self-signed certificate as a trusted root certificate to an Apple keychain
- How to install self signed certificate in iOS 10
- How to install root CA certificate from app on iOS and prompt user to trust?
- Accept self-signed certificate with Swift 3
- Add certificate to https request on iOS
- How to use my own root certificate in iOS Secure Transport API?
- Install root CA certificate programatically on iOS
- How do I register my own Root Certificate Authority in Swift?
- Generating a self-signed certificate with iOS Security.framework?
- How to get an IPhone or IPad (iOS 5.x) to properly recognize my certificate root authority