Can you use a mobile config to pass a PKCS12 cert to an iOS app?

I added a PKCS12 file to the Certificates section of the mobileconfig using Apple Configurator. I've installed the profile on the device but I can't see how I can access this cert. I want to use it to respond to an NSURLAuthenticationMethodClientCertificate challenge.

Is it possible for an iOS app to get access to the cert this way?

Replies

Can you use a mobile config to pass a PKCS12 cert to an iOS app?

No.

This is an ongoing source of annoyance to enterprise developers. I have more details here.

Probably the only thing I’d change in that post is that there’s no need to file another ER for this. I’m confident that the relevant folks fully understand the issue.

There are various ways around this, for example, the idea I discuss here.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi Quinn,

Thanks for your answer and those links.

My app is a VPN app and the cert is packaged with the profile (mobile config). It's used for some API calls to configure the VPN.

Does that seem like a reasonable use case to create a DTS Tech support ticket for access to the com.apple.managed.vpn.shared keychain group? I'm assuming access would solve my problem.

Thanks for all your help.

  • VPN extensions are one of the few kinds of 3rd party code that can access identities that were provisioned by a configuration profile. Various VPN types have a PayloadCertificateUUID. Set that to the PayloadUUID of an identity type of payload to make that identity available to the extension in the com.apple.managed.vpn.shared keychain access group. See the NETunnelProviderManager documentation.

  • Do I need to create a DTS support ticket to get the "com.apple.managed.vpn.shared" entitlement?


Do I need to create a DTS support ticket to get the com.apple.managed.vpn.shared entitlement?

Yes. See point #9 in Network Extension Framework Entitlements.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
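An added example, not code from any of the posts above: a pre-deployment check that each VPN payload's PayloadCertificateUUID points at the PayloadUUID of an identity payload in the same profile, as the comment in the thread describes. It assumes an unsigned .mobileconfig; the payload type strings are taken from Apple's configuration profile reference rather than from this thread, and the UUIDs and the sample profile are constructed placeholders.

```python
import plistlib

# Assumed payload type strings (from Apple's profile reference, not this thread).
VPN_TYPES = {"com.apple.vpn.managed", "com.apple.vpn.managed.applayer"}
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}

def find_cert_refs(node):
    """Yield every PayloadCertificateUUID nested anywhere inside a payload."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "PayloadCertificateUUID":
                yield value
            else:
                yield from find_cert_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_cert_refs(item)

def check_profile(data: bytes):
    """Return (vpn_name, problem) tuples; an empty list means the links resolve."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    by_uuid = {p.get("PayloadUUID"): p.get("PayloadType") for p in payloads}
    findings = []
    for p in payloads:
        if p.get("PayloadType") not in VPN_TYPES:
            continue
        name = p.get("PayloadDisplayName", p.get("PayloadUUID"))
        refs = list(find_cert_refs(p))
        if not refs:
            findings.append((name, "no PayloadCertificateUUID"))
        for ref in refs:
            target = by_uuid.get(ref)
            if target is None:
                findings.append((name, f"{ref} matches no payload"))
            elif target not in IDENTITY_TYPES:
                # A certificate-only payload carries no private key.
                findings.append((name, f"{ref} is {target}, not an identity"))
    return findings

def sample_profile(cert_ref: str) -> bytes:
    """Constructed profile: one PKCS12 identity, one root cert, one VPN payload."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "IDENTITY-UUID-PLACEHOLDER"},
        {"PayloadType": "com.apple.security.root", "PayloadUUID": "ROOT-UUID-PLACEHOLDER"},
        {"PayloadType": "com.apple.vpn.managed", "PayloadUUID": "VPN-UUID-PLACEHOLDER",
         "PayloadDisplayName": "Example VPN", "VPNType": "VPN",
         "VPN": {"AuthenticationMethod": "Certificate", "PayloadCertificateUUID": cert_ref}}]})

if __name__ == "__main__":
    print(check_profile(sample_profile("ROOT-UUID-PLACEHOLDER")))
```

A profile signed by an MDM server or Apple Configurator is a CMS envelope, so its inner plist has to be extracted before this check can parse it.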