iOS: Pre install SSL certificate in keychain - programmatically
I want to install/save a certificate in the keychain before the user visits the site. I have a HTTPS server, and my app authenticates the user before they go to https://mysite.
Is there a way that I can install/save the certificate via a POST request in the keychain or can I copy that certificate (the file) to the resource bundle to mark it trusted?
Answer
Once you have the server certificate in der format you can try the following code:
+ (void) addCertToKeychain:(NSData*)certInDer
{
OSStatus err = noErr;
SecCertificateRef cert;
cert = SecCertificateCreateWithData(NULL, (CFDataRef) certInDer);
assert(cert != NULL);
CFTypeRef result;
NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
cert, kSecValueRef,
nil];
err = SecItemAdd((CFDictionaryRef)dict, &result);
assert(err == noErr || err == errSecDuplicateItem);
CFRelease(cert);
}
It will add the certificate to the keychain sandbox of your application i.e. no other application will trust your cert.