I'm developing a VPN application, which installs personal VPN profile into system configuration. If my application is only one VPN application on device - all works as expected. If I install one more VPN app with another personal VPN certificate, I have problems.
As you can see on screenshot, there are two personal certificates installed in system. One of them (not my app's certificate) is in selected state. When I try to connect to VPN from my app, my certificate does not go to selected state and VPN is not working. It works only when I select my app's certificate manually in settings.
But, when I try to connect to VPN from another app, this app automatically selects proper certificate in system settings and all is working correctly.
So, my question is: is there any API to select proper certificate before connecting to VPN?
I tried to use NEVpnManager.isEnabled with no luck. I also use NEVPNManager.saveToPreferences() before trying to connect to VPN.
I solved my problem. The reason is NEVPNManager.isEnabled flag. It must be set to TRUE before method saveToPreferences() is called.
Related
I am trying to secure a iOS app by checking the installed SSL certificate exists or not. First I created a self-signed certificate with OpenSSL, and then install it to my iPhone. Right now I need to programmatically check this certificate is installed or not. If it exists, the app can run without limit, if not, use won't be able to use the app. So how to programmatically check this device is installed or not in my app code?
Why do we need to install SSL certificate on our iOS devices?
Users can install digital identities (certificates plus their
associated private keys) onto their iOS devices by downloading them
from within Safari, by opening them as email attachments, and by
installing them with configuration profiles. Or, identities can be
pushed from a Mobile Device Management (MDM) server. However,
identities installed in any of these ways are added to the Apple
keychain access group.
Refer below links for more info.
https://forums.developer.apple.com/thread/52345
https://developer.apple.com/library/archive/qa/qa1745/_index.html
Is it possible to connect from an IOS device to an Azure Point to Site VPN? (Yes, I know it is unsupported). However, I have seen it suggested that SSTP could be used, but cant find a concrete example.
Can anyone shed some light on if this is actually possible - or suggest alternatives?
Updated Answer
Now, Azure P2S VPN can be configured on iOS.
How to:
iOS VPN clients are supported for the Resource Manager deployment model only. They are not supported for the classic deployment model.
Note IKEv2 is currently in Preview.
When installing a client certificate, you need the password that was created when the client certificate was exported.
Locate the .pfx certificate file and copy it to your iOS. You can get the certificate to the iOS in several ways, for example, you can email the certificate file or copy it to your Onedrive and open it through Safari. Click Allow
Install the certificate on your iOS:
Adding VPN configuration on iOS (Choose to use certificate to authentication,details information is in the VpnSettings.xml, which downloaded from Azure portal > Point-to-site configuration> Download VPN client> Open the folder > Generic ):
4.Connect the VPN and try browse the IIS behind the Azure VNet via a private IP:
Currently, this is not supported. You can leave your feedback and upvote for the same in this feedback link - https://feedback.azure.com/forums/217313-networking/suggestions/4233968-either-add-point-to-site-sstp-vpn-clients-for-mac
It appears that Apple has removed the ability to trust SSL certificates that are self-signed in iOS 10.
I created my own self-signed certificate and have a local web server that signed with my certificate. I must install my certificate in iOS for testing locally as I have developed an iOS application that needs to trust my certificate.
How can I install my self-signed certificate?
Good news, they haven't. If you just need this for development purposes, which it sounds like you do (and you shouldn't be using self-signed certificates in production anyway), you can install the self-signed certificate on your iOS devices manually. Following the equivalent FAQ for my iOS Web Bluetooth browser app:
Create your self-signed certificate and key files using openssl or however. Be sure it has the correct /CN “Common Name” for your local server, e.g. mycomputer.local.
Configure your webserver to use it (obviously) and check that it is working using a different client, such as a browser on a Mac.
Email your certificate to an email address you can access on your iOS device.
Tap on the attachment in Mail on your iOS device, this should now prompt you to install it. Do so.
You should now verify that it is installed by going to the Settings app then General -> Profile -> <Common Name>. The Profile menu probably won’t be there at all until you’ve installed the first certificate. The certificate should be marked Verified (it was verified by you when you installed it).
You might, like I did, have thought this would be enough. It isn’t. You now, really counter-intuitively, need to go to the setting General -> About -> Certificate Trust Settings and enable full trust for your certificate there as well. It’s such a weird place for that setting to be.
The installation of own root certificates changed at some point (maybe somebody can confirm, if it was at iOS 11).
What you need to do is with your Mac, get Apple Configurator 2 and create a profile containing your certificate. The resulting mobile profile file can be installed from Safari or email.
I have create two diffrent App id for development and distribution profile but facing an issue for get notification for distribution profile but its work on development profile. anyone give me check .pem file correct or not
I had issues with PEM´s without pass. Create them with a pass and try again.
If you have access to your server log, yo can check APNS server response, sometimes it gave clues on what is going on.
Also check if your devices´ tokens are correctly stored in server.
You need to check the following scenarios and execute.
In the firewalls need to check the 2195, 2196 ports and also check gateway.sandbox.push.apple.com, gateway.push.apple.com
Sign your application using distribution profiles and run the application in distribution mode. Make sure if you are running the application using distribution mode then in server side also should use distribution PEM files. I believe you are made the mistake in this scenario.
We are new to iOS development and this is our first application for iPad that we are developing for our organization.
We have developed app in Xcode 4.1 with iOS SDK 4.3.2 .
We have created provisioning profile and added 4 iPad device UDIDs in the profile.
We have created app.ipa file and kept it on our internal webserver ( along with app.plist ). Then we have created simple html file which contains pointer to app.plist.
We try to install the app on the device by accessing the html file URL through safari. However the application gets stuck in "loading... " state and after long time it gives error unable to download the application. We have checked the network connectivity , the webserver logs and everything seems to be fine.
Another odd behaviour we have observed is that while the application installation is in loading state and we connect the iPad to the development machine. When itunes prompts for syncing the device we cancel the sync. Then we disconnect the cable and connect and again when it prompts for syncing we again cancel it. At this time the application gets installted. But this is happens on only one iPad. On 2 other iPads it doesn't get installed and stays in loading state. On one iPad it got installed without issues.
We are now stuck because we have to distribute this application to many users in our organization and not able to do so.
You could check the following
The provisioning file is for ad hoc distribution
The provisioning file is selected in the Code signing Identity -> Release section of the build settings of your project
You selected Product -> Archive, then pressed "Share" when the Organizer window opens.
Next step: make sure the provision file is selected
Next step: Select "Save for Enterprise Distribution". The application URL has to be the exact web address on the ipa file
You can find more detail about the process in this article
Thanks all for your answers which pointed to many useful resources for us newbie developers.
I found the cause of my problem. The device requires to connect to apple sites to verify the certificate. Since the device was in our internal wireless network and I had removed proxy settings from the device it was not able to connect. Once I gave the proxy settings it installed without problems. One point to be noted though was it was not working with proxy authentication enabled hence I had to enable IP address based access for the device.
Thanks once again for you responses.
You have problem with your provisioning profile.
The problem is that you don't sign app properly and iOS5 has changed notification that app cannot be installed with loading message only, on iOS4 it was message and app would be deleted from springboard.
You need to set in project properties under build settings code signing identity on the ad-hoc certificate that you have created. When you build app for archive sign it again like you did before with the same certificate and then try to install on device.
I use beta builder for creating index, plist and other files for web server, but you can use whatever you like.
http://www.hanchorllc.com/2010/08/24/introducing-ios-beta-builder/