I'm using AFNetworking and doing SSL Pinning. Everything is working fine. Now, I need to download an SSL certificate and extract its public key to generate a string.
So, what I need is:
Any tips?
In your Terminal:
openssl s_client -showcerts -connect example.com:443
It will spit out some text, including a certificate chain. Each .pem certificate in the chain looks a bit like this:
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIIKb4U4/7LHkIwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
... (many lines omitted) ...
Pi2TrNk/2vFUM/4qxWdjC8bmBLOhmDcZjomRbP6hHf4hwo9iS5ng5U+f
-----END CERTIFICATE-----
The first listed in the chain is usually the actual SSL certificate, the last is the root. Select whichever of the certificates you need (including the BEGIN CERTIFICATE and END CERTIFICATE lines) and save each in a file with extension .pem.
To actually use it in your app and with AFNetworking, there is one more step. Convert it to DER format:
openssl x509 -in certificate.pem -outform der -out certificate.cer
Take the .cer file and drop it into your Xcode project, and add it to the desired target (it should automatically get added to the "Copy Resources" build phase.) If it is in the DER format and ends with the extension .cer, AFNetworking should find it on its own.
Once you get the certificates in your bundle, you can read them like any file. Look at the AFSecurityPolicy class to see how to extract the key from a certificate.
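The steps in the answer above collected into one script, as an added example that is not part of the original thread or of AFNetworking. The helper names `nth_cert`, `pem_to_der` and `spki_sha256` are hypothetical, and the base64 SHA-256 of the public key is one common way to turn a public key into a string, not a format the thread says AFNetworking consumes.

```shell
#!/bin/sh
# Added example; nth_cert, pem_to_der and spki_sha256 are hypothetical helper names.

# Print the Nth (1-based) PEM block from `openssl s_client -showcerts` output on stdin.
# Position 1 is usually the server's own certificate, the last is the root.
nth_cert() {
  awk -v n="$1" '
    /-----BEGIN CERTIFICATE-----/ { i++; keep = (i == n) }
    keep { print }
    /-----END CERTIFICATE-----/ { keep = 0 }
  '
}

# Convert PEM to DER (.cer). openssl exits non-zero if the input is not a certificate,
# so a truncated copy/paste is caught here instead of inside the app.
pem_to_der() {
  openssl x509 -in "$1" -outform der -out "$2"
}

# Base64 SHA-256 of the certificate's public key (DER SubjectPublicKeyInfo).
# $2 is the input format: pem (default) or der.
spki_sha256() {
  pub=$(openssl x509 -in "$1" -inform "${2:-pem}" -pubkey -noout) || return 1
  printf '%s\n' "$pub" |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 -binary |
    openssl base64
}

# Usage: sh fetch_cert.sh example.com [position-in-chain]
if [ "$#" -ge 1 ]; then
  set -e
  host=$1
  position=${2:-1}
  # -servername sends SNI so a shared host returns the right chain;
  # stdin from /dev/null makes s_client exit after the handshake.
  openssl s_client -showcerts -servername "$host" -connect "$host:443" \
    </dev/null 2>/dev/null | nth_cert "$position" > certificate.pem
  pem_to_der certificate.pem certificate.cer
  echo "wrote certificate.cer"
  echo "public key SHA-256 (base64): $(spki_sha256 certificate.cer der)"
fi
```

The script trusts whatever certificate the connection presents, so run it from a network you trust and compare the printed value with one obtained from the server operator before bundling the .cer file.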
I need to download the certificate at runtime. From my app.
The SSL certificate from my webservice changes from time to time. So, my app (using AFNetworking) needs to download the SSL certificate and extract its public key.
@hdoria No such functionality exists to download certificates at runtime in AFNetworking, to my knowledge.
For what it's worth, such a feature does not sound entirely sensical, as it appears to rely on an insecure network connection as a basis for creating a secure connection. I would not recommend this approach, and instead find a way to use AFSecurityPolicy as designed.