Avaya Client SDK


Working with Client Identity Certificates

Servers are able to validate the identity of the client using Client Identity Certificates. Avaya Client SDK Communications Package support builds on concepts outlined in Working with Certificates.

Client Certificates are supported with the following providers:

  • SIP (SIP Servers and Session Border Controllers)
  • Aura Personal Profile Manager (PPM)
  • Avaya Multimedia Messaging (AMM)
  • Avaya Aura Device Services (AADS)
  • IPO (MTCTI Services)

The Client SDK does not validate Client Certificates itself; server validation responses are passed to your application.

Client Identity Certificates

Passing the Identity Certificate Chain

The following code snippet demonstrates how to pass the Certificate Chain to the Client SDK by using CSCertificateManager.

// Retrieve the client certificate chain from the key store or a keychain 
// for the given alias.
NSArray *certChain = [keyChain getCertificateChainWithContext: mContext alias: alias];

// Retrieve the identity.
SecIdentityRef identity = [keyChain getSecIdentityWithContext: mContext alias: alias];

// Set both client certificate chain and the identity. 
// Returns NO in case of errors.
NSError *error = nil;
if ([client.certificateManager setClientIdentity: identity
                        withCertificateChain: certChain
                                       error: &error])
{
    // Client certificate has been successfully provisioned. 
}
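
A pre-flight check to run before calling setClientIdentity:withCertificateChain:error:, so that a mismatched identity and chain is caught in the application rather than at the server. This is an added example, not Avaya code: AppIdentityMatchesChain is a hypothetical helper built only on Apple's Security framework, and it assumes the chain array holds SecCertificateRef objects ordered leaf first.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not part of the Client SDK). Returns YES only when:
//   - the identity and the chain are both present,
//   - every chain element is a SecCertificateRef (assumption about the array),
//   - the first chain element is the certificate bound to the identity's
//     private key (assumption: the chain is ordered leaf first).
static BOOL AppIdentityMatchesChain(SecIdentityRef identity, NSArray *certChain)
{
    if (identity == NULL || certChain.count == 0) {
        return NO;
    }

    // Reject arrays that contain anything other than certificates.
    for (id item in certChain) {
        if (CFGetTypeID((__bridge CFTypeRef)item) != SecCertificateGetTypeID()) {
            return NO;
        }
    }

    // Certificate that the keychain associates with the identity's private key.
    SecCertificateRef identityCert = NULL;
    OSStatus status = SecIdentityCopyCertificate(identity, &identityCert);
    if (status != errSecSuccess || identityCert == NULL) {
        return NO;
    }

    // Compare DER encodings of the identity certificate and the chain's leaf.
    SecCertificateRef leaf = (__bridge SecCertificateRef)certChain.firstObject;
    NSData *identityDER = CFBridgingRelease(SecCertificateCopyData(identityCert));
    NSData *leafDER = CFBridgingRelease(SecCertificateCopyData(leaf));
    CFRelease(identityCert);

    if (identityDER == nil || leafDER == nil) {
        return NO;
    }
    return [identityDER isEqualToData:leafDER];
}
```

Call it with the identity and certChain retrieved above, and do not provision the identity when it returns NO.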

How to view / retrieve certificates

Use the methods of CSCertificateManager to obtain the Certificate Chain and the RSA private key used by the Client SDK.

// Retrieve a complete client certificate chain.
NSArray *certChain = 
    (NSArray *)client.certificateManager.clientIdentityCertificateChain;

// Retrieve the identity.
SecIdentityRef identity = client.certificateManager.clientIdentity;

Certificate Expiration Notification and Renewal

You can register your application to receive expiration notifications (<CSCertificateManagerClientIdentityDelegate>).

Optionally, use the CSSecurityPolicyConfiguration object to specify the percentage value (of the client identity certificate's age) after which the certificate status notifications are issued.

// Create and initialise the Security Policy Configuration.
CSSecurityPolicyConfiguration *securityPolicyConfig = [CSSecurityPolicyConfiguration new];
// Issue notifications once 90% of the certificate's age has elapsed.
securityPolicyConfig.certificateRenewalValue = 90;

// A delegate class implementing CSCertificateManagerClientIdentityDelegate protocol.
AppClientIdentityHandler *clientIdentityHandler = [[AppClientIdentityHandler alloc] init];

// Set the delegate
client.certificateManager.clientIdentityDelegate = clientIdentityHandler;

// The expiration notification is delivered via the
// certificateManager:clientIdentityWillExpireInDays: callback.

The Client SDK will notify your application when the identity certificate approaches expiration.

@interface AppClientIdentityHandler () <CSCertificateManagerClientIdentityDelegate>
...
@end

@implementation AppClientIdentityHandler

    - (void)        certificateManager: (CSCertificateManager *)certManager 
        clientIdentityWillExpireInDays: (NSInteger)daysToExpire
    {
        // Add your code here. 
        // Use the number of days field to provide warning to your user.
    }
...

@end

Certificate Removal

// Remove the client identity delegate.
client.certificateManager.clientIdentityDelegate = nil;

// Delete the client identity.
NSError *error = nil;
if ([client.certificateManager deleteClientIdentityWithError: &error])
{
    // Client identity certificate was deleted
}

Simple Certificate Enrollment Protocol (SCEP) Support

The Client SDK supports SCEP to retrieve Identity Certificates. Create the CSSCEPConfiguration object and pass it to the enrollWithConfiguration:enrollmentCredentialProvider:completionHandler: method of the CSCertificateManager object.

CSSCEPConfiguration *scepConfiguration = [CSSCEPConfiguration new];
// Populate scepConfiguration details.

EnrollmentCredentialProvider *enrollmentCredentialProvider =
    [[EnrollmentCredentialProvider alloc]
        initWithCommonName: scepConfiguration.certificateCommonName
               andPassword: scepConfiguration.challengePassword];
[client.certificateManager enrollWithConfiguration: scepConfiguration
                      enrollmentCredentialProvider: enrollmentCredentialProvider
                                 completionHandler:
    ^(CFArrayRef identityCertChain, SecIdentityRef secIdentity, NSError *result)
    {
        // Enroll completion handler
    }];