I built a system like this in our internal iPad app.
Forget System Preferences, profiles, etc. All certificates installed that way are inaccessible to third-party apps and available only to system apps, probably because they are installed into the Apple keychain.
I have explored these three methods to load the certificate and used the last one:
- Bundle it into the app, which, as you have already seen, is impractical
- Send a file from another app (e.g. email)
- Use a link to download (what I did)
FOREWORD
- I assume you have built your own PKI-like setup, with a CA, an automatic/manual way to issue/revoke certificates, etc.
So the problem is the delivery to devices.
- For all the solutions I suggest saving the private key and cert in PKCS #12 format with a strong password.
- Use an MDM to manage the devices, and if your app is internal and will be used on company devices, supervise them for added options
(e.g. Meraki is free but does not handle ManagedAppConfiguration)
SOLUTIONS
Solution 1)
Impractical because it is very hard (to impossible) to generate different versions of the app with specific certificates. Not to mention that it will be nearly impossible to handle the distribution of a specific version to every single user's device.
Solution 2)
- Save the .p12 file
- Change the file extension to a custom one
- Register that extension to open with your app, so your app will be listed in "Open in..."
"Open in" for specific document type
The safest way would be for the user to choose the password used to encrypt the .p12 file, so when the .p12 is opened the user must enter his password, but this leads to extra work to make it work.
A less safe but working method is to use a single strong password embedded in the app and use that for all .p12 files.
Solution 3)
Similar to 2), but you download the file directly from a specific URI of your web application; this allows some automatic configuration because the app can identify itself.
Basically these are the steps:
- The app connects to a specific URL of our application via HTTPS.
- It checks that the server certificate is correct (trusted origin).
- It sends something to authenticate.
In our case I use the device name, which I set up during device preparation and can change remotely using MDM.
- It downloads the configuration bundle with the certificate in it.
I use a JSON payload to send the PKCS #12 file base64-encoded, plus other data to configure the app.
If your MDM supports ManagedAppConfiguration you can change these operations a bit to build more flexible behavior:
With ManagedAppConfiguration you can remotely send a specific string into every app's NSUserDefaults, so you can use different or temporary URLs/tokens to download the config bundle and completely ditch the use of device names for authentication.
WWDC 2014 #704 - Building Apps for Enterprise and Education ~13:00
Apple Developer - ManagedConfig Sample App
ADDED PARANOIA
Log everything! Everything that this part of the app does (failed/wrong requests, requests for non-existent device names, etc.)
The configuration URL is activated only when we need to configure new devices and deactivated otherwise.
You can do this in a lot of ways; my webapp checks for the presence of a specific file, so I can do something like touch APP_CERTIFICATES_CONFIG_ENABLED
to activate the auto-configuration service and disable everything by deleting the file.
Just to be sure that no certificate goes around without my supervision.
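As an added example that is not part of the answer above (and not the author's actual web app), here is the server side of "Solution 3" together with the client-side decode of the JSON payload, written in Python. It assumes things the answer does not state: that the web app is Python, that the device registry is an in-memory dict, that the PKCS #12 blobs are placeholder bytes rather than real .p12 files, and that the kill-switch file (the answer's APP_CERTIFICATES_CONFIG_ENABLED) lives under the system temp directory. The device names, URLs and the "api_base" setting are constructed sample data.

```python
"""Added example (not the answer author's code): the server side of "Solution 3"
plus the client-side decode of the JSON payload, in Python.

Assumptions not in the original answer: the web app is Python, the device
registry is an in-memory dict, the PKCS#12 blobs are placeholder bytes, and
the kill-switch file lives under the system temp directory.
"""
import base64
import hmac
import json
import logging
import os
import tempfile

log = logging.getLogger("cert-config")

# Hypothetical path of the kill-switch file: "touch" it to enable the service,
# delete it to disable everything (mirrors the answer's
# APP_CERTIFICATES_CONFIG_ENABLED file).
ENABLE_FLAG = os.path.join(tempfile.gettempdir(), "APP_CERTIFICATES_CONFIG_ENABLED")

# Constructed sample registry: device name (set during device preparation via
# MDM) -> what that device should receive. The "p12" values are placeholders,
# not real PKCS#12 files; in production they would be the password-protected
# .p12 bytes issued for that device.
DEVICE_BUNDLES = {
    "ipad-warehouse-01": {"p12": b"PLACEHOLDER-P12-DEVICE-01", "api_base": "https://intranet.example/api"},
    "ipad-warehouse-02": {"p12": b"PLACEHOLDER-P12-DEVICE-02", "api_base": "https://intranet.example/api"},
}


def enable_service(flag_path=ENABLE_FLAG):
    """Equivalent of `touch APP_CERTIFICATES_CONFIG_ENABLED`."""
    with open(flag_path, "a"):
        pass


def disable_service(flag_path=ENABLE_FLAG):
    """Equivalent of deleting the flag file."""
    try:
        os.remove(flag_path)
    except FileNotFoundError:
        pass


def lookup_device(name, registry):
    """Scan every entry with a constant-time compare so a probe of guessed
    names gets no timing hint about which names exist (lengths still leak,
    which is acceptable here: names are not secrets, only a weak identifier)."""
    found = None
    for known, bundle in registry.items():
        if hmac.compare_digest(known.encode("utf-8"), name.encode("utf-8")):
            found = bundle
    return found


def handle_config_request(device_name, client_addr, registry=DEVICE_BUNDLES, flag_path=ENABLE_FLAG):
    """One request to the configuration URL. Returns (http_status, json_body).

    Every branch is logged, including the refusals: unknown device names and
    requests while the service is disabled are exactly what you want to see.
    """
    if not os.path.exists(flag_path):
        log.warning("service disabled; refused request for %r from %s", device_name, client_addr)
        return 503, json.dumps({"error": "service disabled"})
    if not device_name or len(device_name) > 64 or not device_name.isprintable():
        log.warning("malformed device name %r from %s", device_name, client_addr)
        return 400, json.dumps({"error": "bad request"})
    bundle = lookup_device(device_name, registry)
    if bundle is None:
        log.warning("unknown device name %r from %s", device_name, client_addr)
        return 404, json.dumps({"error": "unknown device"})
    log.info("issued configuration bundle to %r from %s", device_name, client_addr)
    body = {
        "device": device_name,
        "p12_base64": base64.b64encode(bundle["p12"]).decode("ascii"),
        "api_base": bundle["api_base"],
    }
    return 200, json.dumps(body)


def parse_config_bundle(json_body, expected_device):
    """Client side: check the bundle was issued for this device, then return
    (p12_bytes, other_settings). The .p12 bytes are still password-protected;
    this example does not transmit the password in the payload."""
    data = json.loads(json_body)
    if data.get("device") != expected_device:
        raise ValueError("bundle was issued for a different device")
    p12 = base64.b64decode(data["p12_base64"], validate=True)
    settings = {k: v for k, v in data.items() if k != "p12_base64"}
    return p12, settings


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    enable_service()
    status, body = handle_config_request("ipad-warehouse-01", "10.0.0.5")
    print(status, parse_config_bundle(body, "ipad-warehouse-01")[1])
    disable_service()
    print(handle_config_request("ipad-warehouse-01", "10.0.0.5")[0])
```

The handler deliberately refuses in three distinct, logged ways (service disabled, malformed name, unknown name) so the audit log distinguishes a forgotten kill switch from someone probing device names; the HTTPS and server-certificate check from the answer's first two steps are assumed to be done by the transport layer in front of this function.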