I would like to make an HTTPS request to a server that requires client-certificate authentication. I looked into this: Creating a SecCertificateRef for NSURLConnection Authentication Challenge. It worked as expected.
However, this requires preparing a p12 file that includes the private key. It would be secured, as a password is needed to import the p12 file using
There is no explicit support for CSR in the Security Framework on iOS. However, it is not that difficult to build a CSR 'manually' - it is just an ASN.1 DER block of data that are available at iOS runtime.
Here is pseudocode for that:
SecKeyGeneratePair() from Security Framework to create fresh public/private key
getPublicKeyBits method to retrieve NSData-form of fresh public key (see https://developer.apple.com/library/ios/samplecode/CryptoExercise/Introduction/Intro.html )
getPrivateKey method to retrieve SecKeyRef from Keychain
This will create a proper CSR (in the form of NSData) that can be sent to a CA for approval.
My implementation is available on GitHub: http://github.com/ateska/ios-csr .
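To show what "just an ASN.1 DER block" means in practice, here is an added example (not the answer's code and not taken from the ios-csr project) that builds the CertificationRequestInfo part of a PKCS#10 request (RFC 2986) in portable C. The names `der_tlv` and `csr_info_der` are hypothetical; it assumes an RSA key whose public bits are PKCS#1 RSAPublicKey DER, a subject with only a CN, and no attributes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Write one DER TLV (tag, definite length, value) to out; returns bytes written. */
static size_t der_tlv(uint8_t *out, uint8_t tag, const uint8_t *val, size_t len) {
    size_t n = 0;
    out[n++] = tag;
    if (len < 0x80) {
        out[n++] = (uint8_t)len;                 /* short-form length */
    } else {
        int nb = 0;                              /* long form: 0x80|count, big-endian length */
        for (size_t t = len; t; t >>= 8) nb++;
        out[n++] = (uint8_t)(0x80 | nb);
        while (nb--) out[n++] = (uint8_t)(len >> (8 * nb));
    }
    memcpy(out + n, val, len);
    return n + len;
}

/* Hypothetical helper: CertificationRequestInfo for subject "CN=<cn>" and an RSA key.
   pk: PKCS#1 RSAPublicKey DER (assumed). Returns bytes written, or 0 on bad input. */
size_t csr_info_der(const char *cn, const uint8_t *pk, size_t pk_len, uint8_t *out, size_t cap) {
    static const uint8_t VERSION0[] = {0x02, 0x01, 0x00};              /* INTEGER 0 */
    static const uint8_t OID_CN[]   = {0x06, 0x03, 0x55, 0x04, 0x03};  /* 2.5.4.3 */
    static const uint8_t ALG_RSA[]  = {0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
                                       0x0D, 0x01, 0x01, 0x01, 0x05, 0x00}; /* rsaEncryption, NULL */
    uint8_t s1[1024], s2[1024], body[1024];
    size_t cn_len = strlen(cn), n, off = sizeof VERSION0;
    /* Input limits keep every intermediate structure inside the scratch buffers. */
    if (cn_len == 0 || cn_len > 64 || pk_len == 0 || pk_len > 600) return 0;
    memcpy(body, VERSION0, sizeof VERSION0);

    /* subject Name: SEQUENCE { SET { SEQUENCE { OID commonName, UTF8String } } } */
    memcpy(s1, OID_CN, sizeof OID_CN);
    n = sizeof OID_CN + der_tlv(s1 + sizeof OID_CN, 0x0C, (const uint8_t *)cn, cn_len);
    n = der_tlv(s2, 0x30, s1, n);
    n = der_tlv(s1, 0x31, s2, n);
    off += der_tlv(body + off, 0x30, s1, n);

    /* subjectPKInfo: SEQUENCE { AlgorithmIdentifier, BIT STRING { 0 unused bits, pk } } */
    s2[0] = 0x00;
    memcpy(s2 + 1, pk, pk_len);
    n = der_tlv(s1, 0x30, ALG_RSA, sizeof ALG_RSA);
    n += der_tlv(s1 + n, 0x03, s2, pk_len + 1);
    off += der_tlv(body + off, 0x30, s1, n);

    body[off++] = 0xA0;                          /* attributes [0]: empty SET */
    body[off++] = 0x00;
    if (cap < off + 4) return 0;                 /* room for tag + up to 3 length bytes */
    return der_tlv(out, 0x30, body, off);
}
```

The returned bytes are what gets hashed and signed with the private key; the finished CSR is an outer SEQUENCE holding these bytes, the signature AlgorithmIdentifier, and the signature as a BIT STRING.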