Question

I have an app that needs a certificate installing, which it does so using

[[UIApplication sharedApplication] openURL:[NSURL URLWithString:CERTIFICATE_URL]];

This hits a web server, gets the certificate and starts the Settings app allowing the user to install the certificate.

On completion, by hitting the done button, the Settings app takes you back to Safari, but at a blank page (or the page you last visited).

Obviously I want to get back to the app using a url scheme, which I have set up.

Does anyone have experience of this and can give any pointers?

I was thinking about having a landing page that the app takes you to which tells you to install the certificate (click a button), and then when it installs I assume it will return you to this landing page after which I could do an auto redirect back to the app if I can determine the certificate was installed successfully...?


Solution

I used one of my Apple tech support questions for this a while ago. Here is the conversation:

David

I'm responding to your question about trusted root certificates on iOS. You wrote:

So the question is: Is it possible to query the Settings app / or installed provisioning profiles to determine if a particular certificate is installed or not.

You can do this by using a trust object (SecTrustRef) to evaluate whether a particular certificate is trusted by the system. I recently published a technote that discusses this overall issue in depth. You should read this before reading the rest of my response.

TN2232 "HTTPS Server Trust Evaluation"

http://developer.apple.com/library/ios/#technotes/tn2232/_index.html

The technote doesn't cover your specific case but it's relatively easy to adapt the techniques it describes to solve your problem. The basic strategy is:

  1. find a certificate issued by the certificate authority -- You could get this from the web site itself (using a HEAD request for the movie), or you could just embed it in your app.

  2. if you have certificate data, create a certificate object (SecCertificateRef) from that -- You use SecCertificateCreateWithData to do this.

  3. create a trust object from that -- You use SecTrustCreateWithCertificates to do this. You'll have to supply a policy object (SecPolicyRef) but creating one of these is easy: just call SecPolicyCreateBasicX509.

  4. evaluate the trust object -- You do this with SecTrustEvaluate. If it returns kSecTrustResultProceed or kSecTrustResultUnspecified, the system trusts the root certificate of the certificate authority that issued the certificate you started with in step 1; if it returns anything else, it's likely that movie playback over HTTPS will fail.

Also, do we even have to leave the app to install a certificate?

Yes, although you might be able to avoid this problem entirely by changing how your movie playback works. I'll discuss this in more detail below.

Can a certificate be installed in the keychain somehow [...]

Yes, but this does not cause the system (or even your app) to trust certificates issued by that root certificate. Adding a certificate to the keychain is useful in some cases (for example, if it's part of a digital identity, or if it's an intermediate certificate) but it doesn't help with HTTPS server trust evaluation.

              *                   *                   *

The above all assumes you're playing your movie via progressive download. If your movie uses HTTP Live Streaming (which is what we generally recommend) there's a /much/ better way to solve this problem. The "HTTP Live Streaming" section of TN2232 introduces the idea and has a reference to more detailed information.

This approach offers a number of really important advantages:

o It avoids the need to install a custom root certificate.

o HTTP Live Streaming generally yields better playback, because the system automatically adapts to changes in the available bandwidth.

o If you supply a low-bandwidth stream App Review will let you play movies over WWAN.

o Your media segments are encrypted so you can move them to an HTTP server (as opposed to an HTTPS server). This can significantly reduce the load on your content distribution network.

I strongly encourage you to investigate this option.

Let me know if you have any further questions on this topic.

Quinn "The Eskimo!"
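The four-step check from the reply above, written out as an added Objective-C example (this is not code from the question or from Apple's response). It assumes the certificate is embedded in the app bundle as a DER file named "server-cert.der" (an assumed resource name, one of the two options given in step 1) and that CERTIFICATE_URL is the same macro the question uses; the only Security framework calls it relies on are the ones the reply names.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <UIKit/UIKit.h>

// Step 1 (embedded-certificate option): load the DER-encoded leaf or
// intermediate certificate shipped with the app. "server-cert.der" is an
// assumed resource name for this example.
static NSData *EmbeddedCertificateData(void)
{
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server-cert" ofType:@"der"];
    return path ? [NSData dataWithContentsOfFile:path] : nil;
}

// Steps 2 to 4: returns YES when the certificate chains to a root the device
// trusts (a built-in root or a root the user installed via Settings), NO
// otherwise. On failure *outStatus carries the Security framework OSStatus.
static BOOL IssuingCAIsTrusted(NSData *derCertificate, OSStatus *outStatus)
{
    BOOL trusted = NO;
    OSStatus status = errSecSuccess;

    // Step 2: certificate object from DER bytes. NULL means the data did
    // not parse as a certificate, so treat that as "not trusted".
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)derCertificate);
    if (cert == NULL) {
        if (outStatus) *outStatus = errSecDecode;
        return NO;
    }

    // Step 3: a basic X.509 policy (chain building and validity, no host
    // name check) is enough to learn whether the issuing CA is trusted.
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;
    status = SecTrustCreateWithCertificates(cert, policy, &trust);

    if (status == errSecSuccess) {
        // Step 4: evaluate. Proceed and Unspecified both mean the system
        // trusts the chain; every other result means HTTPS to that server
        // would fail trust evaluation.
        SecTrustResultType result = kSecTrustResultInvalid;
        status = SecTrustEvaluate(trust, &result);
        if (status == errSecSuccess) {
            trusted = (result == kSecTrustResultProceed ||
                       result == kSecTrustResultUnspecified);
        }
    }

    if (trust)  CFRelease(trust);
    if (policy) CFRelease(policy);
    CFRelease(cert);
    if (outStatus) *outStatus = status;
    return trusted;
}

// Decide whether the app needs to send the user to Settings at all: only
// hand off to Safari/Settings when the CA is not yet trusted.
static void InstallCertificateIfNeeded(void)
{
    OSStatus status = errSecSuccess;
    NSData *certData = EmbeddedCertificateData();
    if (certData != nil && IssuingCAIsTrusted(certData, &status)) {
        NSLog(@"CA already trusted; no need to leave the app");
        return;
    }
    NSLog(@"CA not trusted (status %d); opening certificate URL", (int)status);
    [[UIApplication sharedApplication] openURL:[NSURL URLWithString:CERTIFICATE_URL]];
}
```

Call InstallCertificateIfNeeded() at launch and again when the app returns to the foreground: that is the point at which the user has (or has not) finished in Settings, so re-running the check there is what lets the app tell whether the install succeeded without relying on the blank Safari page. SecTrustEvaluate is synchronous and can block while it builds the chain, so keep it off the main thread in production code; on iOS 12 and later the same check is written with SecTrustEvaluateWithError, which returns a bool and a CFErrorRef instead of a SecTrustResultType.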

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow