
Certificate Trust Settings

Is there any API that shows that Certificate 1 has full root access and Certificate 2 doesn't have full root access?

Thanks

Posted on Mar 5, 2023 11:43 PM

Question marked as Best reply

Posted on Mar 5, 2023 11:48 PM

In general, it's not possible to determine whether a certificate has full root access or not just by looking at the certificate itself or through an API. Certificates are used to establish trust between different entities and are issued by trusted authorities called Certificate Authorities (CAs). A certificate typically contains information about the entity it represents, such as its public key and identity information. It's the responsibility of the entity that uses the certificate to determine the level of access it has based on its own security policies and trust relationships.

In other words, the certificate itself doesn't determine the level of access. Rather, it's up to the entity that uses the certificate to determine the access level based on their own internal security policies and trust relationships.

Mar 6, 2023 12:57 AM in response to UI07

More information regarding my question.

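import Foundation
import Security

// The statements below run inside an instance method.
// Load the bundled DER-encoded root CA certificate.
let bundle = Bundle(for: type(of: self))
let rootCAName = "RootCA"
guard let filePath = bundle.path(forResource: rootCAName, ofType: "der"),
      let data = try? Data(contentsOf: URL(fileURLWithPath: filePath)),
      let certificate = SecCertificateCreateWithData(nil, data as CFData)
else {
    return
}

// Check: evaluate the certificate against the basic X.509 policy.
var secTrust: SecTrust?
if SecTrustCreateWithCertificates(certificate, SecPolicyCreateBasicX509(), &secTrust) == errSecSuccess, let trust = secTrust {
    // SecTrustEvaluateAsyncWithError must be called from the queue that is passed to it.
    let queue = DispatchQueue.global()
    queue.async {
        SecTrustEvaluateAsyncWithError(trust, queue) { trust, result, error in
            print("Cert => \(result ? "installed" : "not installed")")
        }
    }
}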

I have used the above code to check whether my RootCA is installed on the user's phone or not, and I'm getting a result. But I wanted to go one level above to check whether that RootCA has full access or not, or whether the user has given my RootCA full access or not.

Thanks
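An added example, not part of the original posts and not Apple sample code: Apple describes the Certificate Trust Settings switch as turning on SSL/TLS trust for an installed root, so one signal an app can observe is whether the same certificate evaluates as trusted under the basic X.509 policy and under the SSL policy. That the two results correspond to "installed" and "full trust enabled" is an assumption, and the names `RootTrustState`, `evaluate` and `rootTrustState` are hypothetical.

```swift
import Foundation
import Security

// Added example. The type and function names are hypothetical, not an Apple API.
enum RootTrustState {
    case notTrusted      // fails even the basic X.509 policy
    case installedOnly   // passes basic X.509 but fails the SSL policy
    case trustedForTLS   // passes the SSL policy as well
}

/// Synchronously evaluates a chain (leaf first) under one policy.
/// Call this off the main thread: evaluation can block.
func evaluate(_ chain: [SecCertificate], policy: SecPolicy, label: String) -> Bool {
    var trust: SecTrust?
    guard SecTrustCreateWithCertificates(chain as CFArray, policy, &trust) == errSecSuccess,
          let trust = trust else {
        return false
    }
    var error: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &error)
    if let error = error {
        // Keep the reason: a policy failure is not always the trust switch.
        print("\(label) policy rejected the chain: \(error)")
    }
    return trusted
}

/// Assumption: the "full trust" switch changes the SSL policy result only.
func rootTrustState(for root: SecCertificate) -> RootTrustState {
    guard evaluate([root], policy: SecPolicyCreateBasicX509(), label: "Basic X.509") else {
        return .notTrusted
    }
    // server = true, hostname = nil: SSL server policy without a name check.
    let sslPolicy = SecPolicyCreateSSL(true, nil)
    return evaluate([root], policy: sslPolicy, label: "SSL") ? .trustedForTLS : .installedOnly
}

// Usage with the bundled RootCA.der from the post above.
if let url = Bundle.main.url(forResource: "RootCA", withExtension: "der"),
   let data = try? Data(contentsOf: url),
   let root = SecCertificateCreateWithData(nil, data as CFData) {
    DispatchQueue.global(qos: .utility).async {
        print("RootCA state: \(rootTrustState(for: root))")
    }
}
```

A rejection under the SSL policy can have causes other than the trust switch, so check the logged error. Passing a server certificate issued by the root as the first element of the chain tests the path a real TLS connection would take.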
