I've tried with this:

我试过这个：

NSString *thePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"p12"]; 
NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; 
CFDataRef inPKCS12Data = (CFDataRef)PKCS12Data; 
CFStringRef password = CFSTR("pass"); 
const void *keys[] = { kSecImportExportPassphrase }; 
const void *values[] = { password }; 
CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); 
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); 
SecPKCS12Import(inPKCS12Data, optionsDictionary, &items); 

inPKCS12Data is correct but items is empty. What is happening?

inPKCS12Data 正确但项目为空。怎么了？

I've done this for a recent app by making the documents folder for the app accessible via itunes. Our users are then instructed to drag their generated key (in a p12 format file) into the documents panel for our app in iTunes. When the app is started, it checks for the existence of the p12 file and, if it exists, imports the file into the keychain.

我通过使应用程序的文档文件夹可通过 iTunes 访问来为最近的应用程序完成此操作。然后指示我们的用户将他们生成的密钥（以 p12 格式文件）拖到 iTunes 中我们应用程序的文档面板中。当应用程序启动时，它会检查 p12 文件是否存在，如果存在，则将该文件导入到钥匙串中。

It's not the simplest procedure, but it is the most secure because you don't have a private key file being sent around via email.

这不是最简单的过程，但它是最安全的，因为您没有通过电子邮件发送的私钥文件。

Apple does restrict the use of device-wide keys/certificates to it's own applications/services, such as WiFi, VPN, Mail, etc. Third-party applications are not able to use any of these keys/certs (without jailbreaking). However, applications are able to import, store, and use keys and certificates in a in-app keychain. In addition, you can share keys/certs across multiple applications with the keychain-access-groupfeature in iOS.

Apple 确实将设备范围的密钥/证书的使用限制为它自己的应用程序/服务，例如 WiFi、VPN、邮件等。第三方应用程序不能使用任何这些密钥/证书（没有越狱）。但是，应用程序能够在应用程序内钥匙串中导入、存储和使用密钥和证书。此外，您可以使用iOS 中的钥匙串访问组功能在多个应用程序之间共享密钥/证书。

I recently published a blog post titled In-App Mobile Certificates Made Easy with mCMS, which may have helped you out. Our company is developing an API that makes it easy to support in-app certificates, obtained directly from your Microsoft-based PKI. Our solution also offers on-device key generation, instead of generating a P12 on another machine and trying to import it into your app.

我最近发表了一篇名为使用 mCMS 轻松实现应用内移动证书的博客文章，可能对您有所帮助。我们公司正在开发一个 API，可以轻松支持直接从基于 Microsoft 的 PKI 获取的应用内证书。我们的解决方案还提供设备上的密钥生成，而不是在另一台机器上生成 P12 并尝试将其导入您的应用程序。

If you're using AirWatch for app distribution, their SDK provides the ability to provision certificates from your Certificate Authority to your registered devices. This allows you to provision your certs, and then access them from your app's code.

如果您使用 AirWatch 进行应用程序分发，他们的 SDK 提供了从您的证书颁发机构向您注册的设备提供证书的功能。这允许您配置您的证书，然后从您的应用程序代码访问它们。

If a .p12 file isn't too big you could encode it using Base64and then embed a link in an email with a custom url scheme, e.g.:

如果 .p12 文件不是太大，您可以使用Base64对其进行编码，然后使用自定义 url 方案在电子邮件中嵌入链接，例如：

myapp://certificate/<base 64 data>

User clicks the link, your app saves the certificate somewhere for future use. Just make sure that Mail.app on the iPhone won't mangle the email.

用户单击链接，您的应用程序将证书保存在某处以备将来使用。只要确保 iPhone 上的 Mail.app 不会破坏电子邮件。

Oh man, this brings up painful memories from October/November 2009. I was able to successfully get client-side certs to work but I had to port libcurl to the iPhone (which wasn't easy since the NDA was still in effect at the time).

哦，伙计，这带来了 2009 年 10 月/11 月的痛苦回忆。我能够成功地让客户端证书工作，但我不得不将 libcurl 移植到 iPhone（这并不容易，因为 NDA 在时间）。

I haven't done iPhone app development in over a year so I don't know how much is changed, but if I were you I'd first try to get by without client-side certs and if you absolutely must have them you can use libcurl with PEM formatted certs.

我已经一年多没有做过 iPhone 应用程序开发了，所以我不知道有多少变化，但如果我是你，我会首先尝试在没有客户端证书的情况下度过难关，如果你绝对必须拥有它们，你可以将 libcurl 与 PEM 格式的证书一起使用。

Does the code suggested in Finding a Certificate In the Keychainwork for you?

在钥匙串中查找证书中建议的代码是否适合您？