Storing certificates in KeyChain (already exists)

Question

Created Jun ’18

Replies 2

Boosts 0

Views 1.2k

Participants 2

Hi,
Our iOS application generate CSR and send it to the server, server then generate client certificate based on CSR and send it back, application then store it in a keychain.
The problem is when we try to store second certificate (different csr), system return us an error saying than this certificate already exists in a keychain which is not true.
So my question is, what iOS compere to decide if one certificate is the same as the other?
Thanks,
Tomasz Trela

Boost

Answer 1

DTS Engineer OP

Apple

Jun ’18

So my question is, what iOS compere to decide if one certificate is the same as the other?

The criteria used to determine keychain item uniqueness is documented in the reference docs for

errSecDuplicateItem

. I suspect that your CA is not giving each certificate a unique serial number (

kSecAttrSerialNumber

).

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

MuniekMg OP

Jul ’18

Sorry I forget to reply,
It was indeed serial number.
Thank you very much! 🙂

0