My mobile app needs to connect to a server with self-signed certificate only. Is it possible to do this? Because the app is built using codenameone, there are many Java classes missing and thus I can't use normal Java solution.
The app needs to be run in both iOS and Android.
Thanks for any suggestions.
At this time this isn't supported since Codename One uses the native connection API's on the various platforms (e.g. NSUrl on iOS so this can't be implemented there.
In fact Apple recently limited the ability to access non-https URLs so even if this was added it might trigger an issue with Apple's future policies.
Since valid certificates can be purchased for 5USD the motivation in using self signed certificates is much lower than it used to be in the past.
Related
The app I am currently working on requires the use of Configuration Profiles in order to connect to a server to download XML. The certificates are distributed in the form of .p12 files, and they can be installed in the settings app in the iPhone like the bottom-left image.
The problem is that all over the internet people are saying that this is impossible.
HOWEVER, Junos Pulse can do this(bottom-right image).
It is only reading the Configuration Profiles which is exactly what I need.
I did not have to install them into the Junos Pulse app. Adding them to the system, and launching the app is enough for my profiles to be recognized.
Thanks for your help :)
The reason the Junos app is able to do this has been explained in a post in the Apple Developer Forums.
Original Question: https://devforums.apple.com/message/660579#660579
Explanation about Junos app: https://devforums.apple.com/message/351326#351326
To sum it up, access to this is not provided in the SDK and is by invitation from Apple only.
You won't. Your application is sandboxed, read the iOS App Programming Guide. Developer profiles are not public information for applications to access.
I am not sure what you are trying to accomplish, but the iOS Keychain services allows you to store and retrieve certificates and keys in a (supposedly) secure way. I have not used the API for other than storing passwords, so I cannot say how it works with certificates, but according to the docs it might work for you.
In particular, have a look at the SecItemCopyMatching function.
We are developing an iPhone app, and we have one client who wants to use their own SSL certificate bundle. As far as I know this is not possible since the app can't access the device cert (assuming the client just install their own bundles on each of their device). Other option is to submit a whole different app just for them, but that's not a good solution and I am trying to avoid that.
Does anyone have experience with this sorts of problems? I tried to google around but could not find anything.
Any help or direction would be much appreciated!
Is there any way to distribute an unsigned app through emails or internet?
I.e. itms-services://?action=download-manifest&url=URL_TO_PLIST.
Moreover, it is a security issue if it is possible to install unsigned app on a jailbroken device?
Thank you.
I can't quite understand what you're trying to do here - if you're trying to install an app that is not on the App Store and also unsigned with the itms-services-protocol, you are out of luck, as that is strictly for iTunes and App Store-links.
The only way to distribute an app that is not on the App Store, is with the ipa-file, but that has to be signed as well (at least for unjailbroken devices).
You can do it in cydia with link like cydia://package/[package name]
However security is really a question here. Not sure if there any code review for the accepted packages.
Sorry if this is an extremely late response, but the question isn't closed yet, so I'm assuming you still need an answer. It is a security concern, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think that's much of a concern. If they jailbreak, they probably know what they're doing.
To answer the first part of your question, you can use ldid to pseudo-sign the app and then create an itms-services:// link that users tap to install. The only caveat to this option is that the iOS Device will contact oscp.apple.com & ax.init.itunes.apple.com to verify the app's signature. If you want to bypass this, you'll have to change the DNS settings of the iOS device using a mobile configuration file. Do this using Apple's iPhone Configuration Utility, which will generate a .mobileconfig with your specified settings. You won't have to generate a specific file for each device, so you can make one and you're done.
Anyways, back to the topic, jailbreaking doesn't remove the need for codesigning, it only removes the need for an app to be signed with Apple's certificate(s). itms-services:// is a bypass (for developers) of the same "need". Since Apple obviously doesn't want people who aren't developers just signing apps that aren't approved by Apple and installing them, they've implemented certificate checks. The signing-certificate is cross-checked with Apple's two servers. One of the servers (I don't know which) checks for "iPhone Developer:" in the name of the certificate. The other checks that it was signed by Apple's WWDRCA Certificate. If the iOS Device gets a response from either of the servers signifying that the app is "bad". If the iOS Device doesn't get a response, it will still install the app.
The way to go with this in order to bypass would be to clone a DNS server, and create a specific entry that will change the IP of these two servers to something (anything) else. That way, the Device will not get a response, and will install the application.
modify the file SDKSettings.plist : make code sign required value is NO
when build, selected project (not target) -- build setting -- code signning identity: Dont code sign
build, get the .ipa file can run on the jailbreak device
We are looking for a solution for distributing individual client certificates to an enterprise distributed app.
As far as I know it‘s not possible to access a certificate installed with Mail or Safari in your app (see for example here: Finding a certificate on iOS). So what we like to know are there any other ways to automatically distribute a certificate to individual users? Maybe there‘s a solution via iPhone Configuration Utility (e.g. setting certificate‘s access group)? Or may there‘s a way to add an individual certificate to app bundle before distributing it to the device?
You can distribute certificates (and keys) with IPCU (iPhone Configuration Utility), but that's a tedious and manual process.
If you want something automated you'll have to look into Mobile Device Managers and see which ones support distributing certificates. Oherwise I know OpenTrust has a stand-alone solution.
I'm talking with a client who is abroad and I'm wondering whether I will be able to send him versions of the iPad app for testing before it's on iTunes.
Is there a solution (e.g. Ad-Hoc?) I could rely that doesn't require jailbreak or anything?
If so, could you please provide me with a link to a guide?
Thank you !
Yes Ad-hoc is what you need, basically you will need to associate your client device identifier (UDID) to a certificate that you will use to sign application.
This is a standard procedure (no jailbreak required) that is fully documented on Apple provisioning portal in User Program Guide (you have to apply ($99) for the developer program and be logged to access this... and it is limited to 100 devices)
Another good thing is to use an "Ad-Hoc" updater such as HockeyKit to ease your client updates and installation procedure...
Yes, indeed, there is an ad-hoc distribution method:
here is its mention on the Apple Developer website. As far as details, I think you have to be in the developer program in order to get direct documentation for that, and sadly I allowed my developer account to lapse. A few key points can be found here
Essentially, you can distribute to up to 100 other iOS users who have your group's apple developer credentials installed on their phone, and the app will remain live for 90 days
Essentially, it's the same headache on the remote side with certs, keys, etc... that you have to do with XCode when developing on the device, but you can put the app on a website somewhere where the remote party can install it on their phone.
EDIT: I found this guide that is presented on a forum if you want to look through the steps.