Distributing individual client certificates to iPhone - iphone

We are looking for a solution for distributing individual client certificates to an enterprise distributed app.
As far as I know it‘s not possible to access a certificate installed with Mail or Safari in your app (see for example here: Finding a certificate on iOS). So what we like to know are there any other ways to automatically distribute a certificate to individual users? Maybe there‘s a solution via iPhone Configuration Utility (e.g. setting certificate‘s access group)? Or may there‘s a way to add an individual certificate to app bundle before distributing it to the device?

You can distribute certificates (and keys) with IPCU (iPhone Configuration Utility), but that's a tedious and manual process.
If you want something automated you'll have to look into Mobile Device Managers and see which ones support distributing certificates. Oherwise I know OpenTrust has a stand-alone solution.

Related

Trust self-signed certificate in ConnectionRequest of codenameone

My mobile app needs to connect to a server with self-signed certificate only. Is it possible to do this? Because the app is built using codenameone, there are many Java classes missing and thus I can't use normal Java solution.
The app needs to be run in both iOS and Android.
Thanks for any suggestions.
At this time this isn't supported since Codename One uses the native connection API's on the various platforms (e.g. NSUrl on iOS so this can't be implemented there.
In fact Apple recently limited the ability to access non-https URLs so even if this was added it might trigger an issue with Apple's future policies.
Since valid certificates can be purchased for 5USD the motivation in using self signed certificates is much lower than it used to be in the past.

Distribution through Apple Enterprise : employees only?

Take the situation in which I have created a number of apps and would like to distribute it to people for testing, but without having to know their UUID. Each app would only be distributed to a few people but I don't want to have to ask for their UUID.
Does the enterprise distribution program support this? So that I can archive and distribute the app without specifying UUIDs to people who are non-employees?
The enterprise distribution program does allow you to distribute apps to select users without knowing their UUID. The iOS Enterprise Distribution guide explains everything you need to know to distribute apps outside of the app store. In short, you can host your app on a web server that requires authentication.
Check out this link for more information http://help.apple.com/iosdeployment-apps/mac/1.1/

Is there certificate storage or something like Keychain on Windows Phone 8?

Is there some documentation about how certificates are stored on WP8? (Is there special storage for them like on Android, or are they managed differently?) I cannot find any documentation regarding certificates. I am new to WP8 development and have stucked on this question.
If not certificate storage maybe there is something similar to iOS Keychain that saves information and inside Keychain access group other applications can access it?
Read that there is possibility to encrypt/ decrypt data, but as I understand I can only decrypt them from one application, but I would need to access them also from other applications.
Based on: http://msdn.microsoft.com/en-US/library/windowsphone/develop/ff402533(v=vs.105).aspx and
http://msdn.microsoft.com/en-US/library/windowsphone/develop/hh487164(v=vs.105).aspx
My target is to securely manage data (passwords, certificates) using multiple applications. (Multiple applications can access same passwords etc.)
3rd party WP8 apps do not have a way to constantly share data with other 3rd party apps. There's no shared DB, Cookie container or read-write file storage that's shared between apps. If that's a feature you'd like to see in future releases feel free to say so on the WP8 uservoice.
On the question of certificates it is possible to install custom certificates on WP8 from file storage, email or apps. I've written up an example on how to install custom certificates on WP8 at a related question # TLS connection: override certificate validation

iOS get Configuration Profiles that are installed

The app I am currently working on requires the use of Configuration Profiles in order to connect to a server to download XML. The certificates are distributed in the form of .p12 files, and they can be installed in the settings app in the iPhone like the bottom-left image.
The problem is that all over the internet people are saying that this is impossible.
HOWEVER, Junos Pulse can do this(bottom-right image).
It is only reading the Configuration Profiles which is exactly what I need.
I did not have to install them into the Junos Pulse app. Adding them to the system, and launching the app is enough for my profiles to be recognized.
Thanks for your help :)
The reason the Junos app is able to do this has been explained in a post in the Apple Developer Forums.
Original Question: https://devforums.apple.com/message/660579#660579
Explanation about Junos app: https://devforums.apple.com/message/351326#351326
To sum it up, access to this is not provided in the SDK and is by invitation from Apple only.
You won't. Your application is sandboxed, read the iOS App Programming Guide. Developer profiles are not public information for applications to access.
I am not sure what you are trying to accomplish, but the iOS Keychain services allows you to store and retrieve certificates and keys in a (supposedly) secure way. I have not used the API for other than storing passwords, so I cannot say how it works with certificates, but according to the docs it might work for you.
In particular, have a look at the SecItemCopyMatching function.

how to create binary which can be installed in all iphones without creating App Store or Ad Hoc?

i want to create an application which will not launch in AppStore but all my clients can install my application in their devices. the problem is that i do not have all my clients devices UDID. how they can insert my application because i can't create Ad Hoc since i do not have all my clients UDID and i do not want to create an App Store binary.
Please tell me this is possible or not.?
Use InHouse distribution, see
https://developer.apple.com/programs/ios/enterprise/
and
http://www.apple.com/iphone/business/apps/in-house/
In short, you'll need an Enterprise account. With it, you can create inhouse-distributions that work the same as ad-hoc (i.e. you can distribute them directly or via Over-the-air), except that you don't need to specify UDIDs.
However, since this is a major security "flaw" you have to make sure that everyone who downloads/gets this app is properly authenticated one way or another.
Important: If your clients are not members or subcompanies of your company, I'd check the legal status of using InHouse distribution for this. I'm not sure myself.
If you can turn your app into a web app, then yes you can do it.
But assuming you are talking about a native iOS app, and you don't want to require clients to jailbreak their phones, then no, Apple have a single distribution channel and that's the App Store.
If your clients are 'internal' clients, ie you want to distribute within your own organisation, then the enterprise program is an option for you;
https://developer.apple.com/programs/ios/enterprise/
If your clients are large, and want to buy in volume and then re-distribute internally, another option may be the custom B2B program;
http://www.apple.com/business/vpp/