I am using NEVPNManager with an IKEv2 certificate as my authentication method for connecting to the VPN. I am able to connect to the VPN. Below is my sample block of code.

    guard let path = Bundle.main.path(forResource: VPNConstants.certificateName, ofType: ".p12") else {
        fatalError("Unable to find Certificate")
    }
    do {
        let data = try Data(contentsOf: URL(fileURLWithPath: path), options: .mappedIfSafe)
        ikev2.identityData = data
    }
    catch {
        fatalError("Unable to find Certificate")
    }
    ikev2.identityDataPassword = VPNConstants.password

I tried to install the root certificate using the SecCertificateCreateWithData and SecItemAdd methods, which are part of the Security framework. I don't get any errors installing the certificate, but it doesn't appear in my iOS Profile & Device Management or TrustStore. Below is the block of code I am using for this.

    fileprivate func installCertificate() {
        guard let path = Bundle.main.path(forResource: "rootcertificate", ofType: "der") else {
            return
        }
        do {
            let data = try Data(contentsOf: URL(fileURLWithPath: path), options: .mappedIfSafe)
            var status: OSStatus = noErr
            guard let rootCert = SecCertificateCreateWithData(nil, data as CFData) else {
                return
            }
            let addquery: [String: Any] = [kSecClass as String: kSecClassCertificate,
                                           kSecValueRef as String: rootCert,
                                           kSecAttrLabel as String: "My Certificate"]
            status = SecItemAdd(addquery as CFDictionary, nil)
            if status == noErr {
                print("Install root certificate success")
            }
            else if status == errSecDuplicateItem {
                print("duplicate root certificate entry")
            }
            else {
                print("install root certificate failure")
            }
            let policy = SecPolicyCreateBasicX509()
            var optionalTrust: SecTrust?
            let certArray = [rootCert]
            status = SecTrustCreateWithCertificates(certArray as AnyObject,
                                                    policy,
                                                    &optionalTrust)
            guard status == errSecSuccess else {
                return
            }
            let trust = optionalTrust!
            var trustResult = SecTrustResultType.invalid
            status = SecTrustEvaluate(trust, &trustResult)
            print(trust)
            if status == noErr {
                print("Trust root certificate success")
            }
            else if status == errSecDuplicateItem {
                print("Trust Fail")
            }
            else {
                print("Trust Fail")
            }
        }
        catch {
            print("Trust root certificate failure")
        }
    }

Currently, I am installing the root certificate via Safari or Mail. Also, my root certificate is self-signed. I am aware that certificate trust will be enabled only if it is signed by a trusted CA, but how can I at least add it to iOS Profile & Device Management?
Any help is appreciated. Thanks in advance!