
SecCertificateCreateWithData always returning null

I'm currently working from the following post. Here is the code:

    SecCertificateRef   certs    = NULL;
    SecPolicyRef        policy  = NULL;

    NSString *publicKeyString = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeJ8N8fuGShAJnniDg4yuRrxrG61ZF2T24eXSEH87jCJmLbc+MV70AgP/LC8btzSU4FFP56lBmDcmW+Prupf5gO1RXhjPIlET73t5Ny1I3ze+xaShAA9qB0c9dNb26NxVd95wCHNmQhon9qBFmTVZb0CdgscxYcDuLOGskDnATrwIDAQAB";
    NSData *publicKeyStringData = [[NSData alloc] initWithBase64EncodedString:publicKeyString options:0];


    certs = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef) publicKeyStringData);

Based on the post, if the certs variable is NULL then the data was in an incorrect format. I checked the above public key and it is indeed base64, so I can't see why certs would be NULL.

user481610 asked Nov 30 '22 16:11


1 Answer

A certificate can have these extensions: .CER, .CRT, .DER, .PEM. And it can be encoded in two ways: DER and PEM. This Apple method accepts only DER encoding.

If you have a .CER or .CRT extension, you have to find out whether it is DER or PEM encoded. (If there is a .PEM or .DER extension, it is clear.)

To check the current encoding, change the extension to DER and try to read it:

  1. Rename the file (certificate.crt -> certificate.der)
  2. In terminal: openssl x509 -in certificate.der -inform der -text -noout

If you see an error, it is likely a PEM-encoded certificate and you need to change it to DER encoding:

  1. Rename back to crt (certificate.der -> certificate.crt)
  2. In terminal: openssl x509 -in certificate.crt -outform der -out certificate.der

// source: https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them

Marek Manduch answered Dec 05 '22 00:12
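
The PEM-to-DER step from the answer can also be done in code before calling SecCertificateCreateWithData. This is an added example, not part of the original question or answer: `CreateCertificateFromFileData` is a hypothetical helper name, and the certificate file path is taken from the command line.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not an Apple API). Accepts the bytes of a certificate
// file in PEM or DER form and returns a certificate the caller must CFRelease,
// or NULL when the bytes are not an X.509 certificate.
static SecCertificateRef CreateCertificateFromFileData(NSData *fileData) {
    NSData *begin = [@"-----BEGIN CERTIFICATE-----" dataUsingEncoding:NSASCIIStringEncoding];
    NSData *end   = [@"-----END CERTIFICATE-----" dataUsingEncoding:NSASCIIStringEncoding];
    NSData *der   = fileData;  // treated as DER unless PEM armor is found

    NSRange b = [fileData rangeOfData:begin options:0
                                range:NSMakeRange(0, fileData.length)];
    if (b.location != NSNotFound) {
        // PEM: the DER bytes are the base64 text between the two armor lines.
        NSUInteger start = NSMaxRange(b);
        NSRange e = [fileData rangeOfData:end options:0
                                    range:NSMakeRange(start, fileData.length - start)];
        if (e.location == NSNotFound) return NULL;  // truncated PEM block
        NSData *body = [fileData subdataWithRange:NSMakeRange(start, e.location - start)];
        // Line breaks inside the body are not base64 characters, so skip them.
        der = [[NSData alloc] initWithBase64EncodedData:body
                                                options:NSDataBase64DecodingIgnoreUnknownCharacters];
        if (der == nil) return NULL;
    }
    // NULL here means `der` is not a DER-encoded X.509 certificate
    // (a bare public key, for example, is not one).
    return SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef)der);
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc < 2) { NSLog(@"usage: %s certificate.crt", argv[0]); return 2; }
        NSData *data = [NSData dataWithContentsOfFile:@(argv[1])];
        SecCertificateRef cert = data ? CreateCertificateFromFileData(data) : NULL;
        if (cert == NULL) { NSLog(@"not a PEM or DER X.509 certificate"); return 1; }
        CFStringRef summary = SecCertificateCopySubjectSummary(cert);
        NSLog(@"loaded certificate: %@", (__bridge NSString *)summary);
        if (summary) CFRelease(summary);
        CFRelease(cert);
    }
    return 0;
}
```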