How to verify a x509 certificate from Apple on a Ubuntu server?



  • I'm trying to verify GameCenter authentication on an iOS app with GameKit. The fetchItems API returns a URL for the public key needed to do this.

    Steps 3 and 4 of that API say:

    1. Use the publicKeyURL on the third-party server to download the public key.
    2. Verify with the appropriate signing authority that Apple signed the public key.

    The public key URL I usually get is https://static.gc.apple.com/public-key/gc-prod-5.cer.

    On my Mac, I simply download this cert and call X509Certificate2.Verify() in C#, and it returns true. However, calling this function on an Ubuntu server returns false. The error message I get on the server from X509Chain is:

    Status information: unable to get local issuer certificate

    The cert in question appears to be CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US.

    How do I get this cert on my Ubuntu server, so that I can verify the public key from Apple? Is there a common registry of certs where I can download it?



  • You need to update your root certificate store as in this post:

    https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate

    If I read your question right...looks like you have a copy of the cert?



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2