How to install chained certificates in iOS and fetch chain count programmatically

懵懂的女人 submitted on 2020-01-06 06:31:11

Question

I am a newbie to Objective-C.

I am working on chained certificates in iOS for a VPN connection. My problem statement is that I need to implement a user-cert based VPN connection. I have a working VPN connection model for normal certs, that is, without chained certificates, and it is working fine. But when I use chained certificates it does not connect.

I am using 3 intermediate certificates that are self-signed and a .p12 certificate. I have imported the .p12 certificate programmatically into the iOS app keychain and installed the intermediate ones into the device keychain, i.e. Settings->General->profiles

I have 2 questions.

  1. Is it required that the intermediate certificates be included in the .p12 file?

  2. Is it required that the intermediate certificates be present in the iOS app keychain only?

Here are the bits and pieces of code I have used so far.

To retrieve the chain count of the certificate:

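    // Basic X.509 policy for the trust object
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trustRef = NULL;
    // certificateRef: the certificate(s) the trust object is built from
    OSStatus status = SecTrustCreateWithCertificates(certificateRef, policy, &trustRef);
    // Number of certificates in the chain held by the trust object
    CFIndex chainCount = SecTrustGetCertificateCount(trustRef);
    chain = [NSMutableArray arrayWithCapacity:chainCount];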

I am importing the .p12 file directly from mail and displaying it to the user for selection as per the requirement.

This is the function I used for importing:

    var returnStatus = SecPKCS12Import(data as NSData,
                                       [kSecImportExportPassphrase as String: self.textCertPassword.text ?? ""] as NSDictionary,
                                       &importResult)

For normal certs SecTrustGetCertificateCount returns #2, that is, the leaf certificate and its corresponding CA.

But for a chained certificate which has intermediate certificates, the SecTrustGetCertificateCount function returns #1.

Any sort of suggestions would be of great help to me as I am not able to understand even the theory behind it and I have not worked with certificates earlier.

I am new to SO as well, so sorry if you find any discrepancy in the question or my understanding.

Thanks in advance.

Source: https://stackoverflow.com/questions/57488649/how-to-install-chained-certificates-in-ios-and-fetch-chain-count-programatically
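
An added example, not part of the original question: a Swift helper that reports which certificates the .p12 itself carries (kSecImportItemCertChain) and how many certificates are in the chain after evaluation when intermediates are handed explicitly to SecTrustCreateWithCertificates. The names inspectChain, ChainReport, ChainError and the parameters are hypothetical, and the .p12 data and password are supplied by the caller.

```swift
import Foundation
import Security

struct ChainReport {
    let packagedSubjects: [String]  // certificates carried inside the .p12, leaf first
    let evaluatedCount: Int         // SecTrustGetCertificateCount after evaluation
    let trusted: Bool
}

enum ChainError: Error {
    case importFailed(OSStatus), emptyImport, trustFailed(OSStatus)
}

// p12Data and password come from the caller; extraIntermediates and anchors are
// optional certificates the app already holds (all names here are hypothetical).
func inspectChain(p12Data: Data, password: String,
                  extraIntermediates: [SecCertificate] = [],
                  anchors: [SecCertificate] = []) throws -> ChainReport {
    var rawItems: CFArray?
    let options = [kSecImportExportPassphrase as String: password] as CFDictionary
    let status = SecPKCS12Import(p12Data as CFData, options, &rawItems)
    guard status == errSecSuccess else { throw ChainError.importFailed(status) }

    // Each imported item is a dictionary; kSecImportItemCertChain lists the
    // certificates that were packaged in the file alongside the identity.
    guard let item = (rawItems as? [[String: Any]])?.first,
          let packaged = item[kSecImportItemCertChain as String] as? [SecCertificate],
          !packaged.isEmpty else { throw ChainError.emptyImport }

    // Hand the trust object the leaf plus every intermediate we can supply.
    var trustRef: SecTrust?
    let certs = (packaged + extraIntermediates) as CFArray
    let created = SecTrustCreateWithCertificates(certs, SecPolicyCreateBasicX509(), &trustRef)
    guard created == errSecSuccess, let trust = trustRef else {
        throw ChainError.trustFailed(created)
    }
    if !anchors.isEmpty {
        // Assumption: the caller passes its private root certificate as an anchor.
        let anchored = SecTrustSetAnchorCertificates(trust, anchors as CFArray)
        guard anchored == errSecSuccess else { throw ChainError.trustFailed(anchored) }
    }

    // Evaluate first so the count reflects the chain that was actually built.
    var evalError: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &evalError)  // iOS 12 or later

    return ChainReport(
        packagedSubjects: packaged.map { (SecCertificateCopySubjectSummary($0) as String?) ?? "?" },
        evaluatedCount: SecTrustGetCertificateCount(trust),
        trusted: trusted)
}
```

Comparing packagedSubjects.count with evaluatedCount shows whether the intermediates were inside the .p12 or had to be supplied separately.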
