The following example illustrates the client configuration needed to support mutual authentication, as well as other APIs related to certificate handling:
Load all referenced certificates into the application Xcode project first.
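//Step 1: Set up the CA certificates trusted by the client for mutual authentication.
//You need to do this only if your server certificate is NOT signed by a public CA.
//The trusted certificate must be in DER format; the CN (common name) of the server
//certificate must match the server name set via the connection properties in step 3.
SUPApplication *app = [SUPApplication getInstance];
SUPConnectionProperties *props = app.connectionProperties;

//Load the trusted certificate from the application bundle.
NSString *trustedCertPath = [[NSBundle mainBundle] pathForResource:@"server_trusted" ofType:@"crt"];
NSData *trustedData = [NSData dataWithContentsOfFile:trustedCertPath];

//SecCertificateCreateWithData returns NULL when the data is not a valid DER certificate
//(for example a PEM file), and both CFArrayAppendValue and CFRelease crash on NULL,
//so check the result before using it. (Under ARC the cast below must be written
//as (__bridge CFDataRef).)
SecCertificateRef trusted_cert = NULL;
if (trustedData != nil) {
    trusted_cert = SecCertificateCreateWithData(NULL, (CFDataRef)trustedData);
}

if (trusted_cert != NULL) {
    //Create an array of SecCertificateRef objects.
    CFMutableArrayRef certs = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(certs, trusted_cert);

    //Set to SUPConnectionProperties.
    [props setTrustedCertificates:certs];

    CFRelease(trusted_cert);
    CFRelease(certs);
} else {
    //Without the trust anchor the server identity cannot be checked against your
    //private CA; production code should stop the setup here instead of continuing.
    NSLog(@"Could not load trusted certificate server_trusted.crt (missing file or not DER encoded)");
}

//Step 2: Get the client's login certificate.
//The client identity file must be in PKCS#12 format and must be encrypted with a
//non-empty password.
//NOTE: @"password" is a sample value. A real passphrase embedded as a string literal can
//be read out of the application binary, and the .p12 file in the bundle is readable to
//anyone who has the app package; obtain the passphrase at run time (for example from the
//user) rather than compiling it in.
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"client_identity" ofType:@"p12"];
SUPCertificateStore *cs = [SUPCertificateStore getDefault];
SUPLoginCertificate *lc_resource = [cs getSignedCertificateFromFile:certPath withPassword:@"password"];
props.loginCertificate = lc_resource;

//Step 3: Register the application.
[props setNetworkProtocol:SUPConnectionProperties_NETWORK_PROTOCOL_HTTPS];
//The server name set here is what the server certificate's CN must match (see step 1).
[props setServerName:self.server];
[props setPortNumber:self.port];
[props setUrlSuffix:@""];
[props setFarmId:self.farmID];
props.activationCode = nil;
@try {
    if (app.registrationStatus != SUPRegistrationStatus_REGISTERED) {
        [app registerApplication:300];
    } else {
        [app startConnection:300];
    }
}
@catch (NSException *exception) {
    //The exception is only logged; a real application should not go on to step 4
    //when registration or connection start has failed.
    NSLog(@"%@: %@", [exception name], [exception reason]);
}

//Step 4: Configure for data synchronization.
SUPConnectionProfile *sp = [TestDB getSynchronizationProfile];
// ... other synchronization profile settings ...
[sp setPortNumber:2482];

//Specify the trusted cert, the identity cert, and the identity cert password.
//If the same identity cert is used for application registration, you don't need to specify
//"identity" and "identity_password" here; otherwise, you need to specify them.
//Specify the server trusted CA cert; this could be different from the certificate used in
//step 1, depending on server configuration.
//In any case, the server trusted CA needs to be specified for data synchronization in
//networkStreamParams.
//NOTE: identity_password is passed in clear text inside this parameter string; the sample
//value "password" carries the same caveat as in step 2, and the string should be kept out
//of logs.
[sp setNetworkStreamParams:@"trusted_certificates=server_trustedCA.crt; identity=client_identity.p12; identity_password=password"];

//Data synchronize
[TestDB synchronize];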