Help solve the problem with mobile: installCertificate on iOS

I need to automate authorization using a CA certificate, for this, I am trying to use mobile: installCertificate

def install_cert(self, f_name):
    path = (base / '../properties/' / pathlib.Path(file_name)).resolve()

    with open(path, "rb") as file:
        e_string = base64.b64encode(file.read())
        print(e_string)
        p12 = crypto.load_pkcs12(input_file.read(), 'your_password')
        filebs64 = crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate())
        logger.info(filebs64.decode(encoding="utf-8"))
        self.driver.execute_script('mobile: installCertificate',
                                   {'content': f'{filebs64.decode(encoding="utf-8")}'})

But I get an error during execution:

  raise exception_class(message, screen, stacktrace)

E selenium.common.exceptions.WebDriverException: Message: An unknown server-side error occurred while processing the command. Original error: Cannot parse common name value from the certificate. Is it valid and base64-encoded?

It’s not clear from your description that you are doing this on a Simulator. This method is Simulator only. Could that be the problem?

It is suggested that on a real device you could use this tool:

it should work in both cases, but I generally use the simulator.
Managed to solve the problem:
openssl pkcs12 -in //properties/cert.p12 -out /properties/newfile.pem -clcerts -passin 'pass:password’
but faced with another one, when I try to install cert to simulator, received the error

One or more parameters passed to a function were not valid.

Couldn’t tell you without seeing the log. A Git Gist is the easiest way to share logs.

Appium does not do any special magic. You could verify if your certificate is valid and istallable by using simctl utility: https://proxyman.io/posts/2021-04-17-Install-Certificate-For-iOS-Simulator-On-Xcode-12.5

If the above works as expected then make sure you properly base64-encode the certificate payload before passing it to mobile: installCertificate. Make sure you use the most recent xcuitest driver version (only available as part of Appium 2).

I receive this error, after
xcrun simctl keychain booted add-root-cert <your_certificate_path>
An error was encountered processing the command (domain=NSOSStatusErrorDomain, code=-50):
One or more parameters passed to a function were not valid.

Then it is obviously some issue with your certificate, or in a way simctl handles it…

https://stackoverflow.com/questions/70702713/one-or-more-parameters-passed-to-a-function-were-not-valid

the certificate was successfully installed, but it is not working. .p12 works correctly, but after converting to .pem or .der the authorization does not work

useless documentation

spent too much time on this, it is easier to send the file to the device

It would be useless forever if no one improves it. This is the point of open source.
Create a PR with updated docs and we’d be happy to merge it.

mykola-mokhnach
Perhaps there is an example of the structure of a valid certificate in PEM, what exactly it should contain
this is the structure of my certificate in .p12,
also, I use a password with a certificate

   -----BEGIN ENCRYPTED PRIVATE KEY-----
    ....
    -----END ENCRYPTED PRIVATE KEY-----

    PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024

    Certificate bag

    Bag Attributes

    localKeyID: 
    friendlyName: ...

    subject=/..

    issuer=/CN=OneLogin Inc Intermediate

    -----BEGIN CERTIFICATE-----

    
    -----END CERTIFICATE-----

    Certificate bag

    Bag Attributes

    friendlyName: OneLogin Inc Root CA

    subject=/CN=OneLogin Inc

    issuer=/CN=OneLogin Inc

    -----BEGIN CERTIFICATE-----

    ...
    -----END CERTIFICATE-----

    Certificate bag

    Bag Attributes

    friendlyName: OneLogin Inc Intermediate CA

    subject=/CN=OneLogin Inc Intermediate 

    issuer=/CN=OneLogin Inc Root 

    -----BEGIN CERTIFICATE-----

   ...

    -----END CERTIFICATE-----

How can I encode it to PEM?
I used OpenSSL but the received certificates don’t work and i can’t authenticate with them

Unfortunately I cannot help with that. Like I said the API that XCUITest driver provides is a simple wrapper over simctl. Try asking at Apple forums about such nitty-gritty details.

Hi @Dmytro_Berezovskyi,
did you manage to solve the issue? I am digging into this issue for long time