There is a new certificate in PEM format. How to get from it (using OpenSSL?) a format expected by iOS? (example: Alamofire/Source/ServerTrustEvaluation.swift) I've tried using something like:
openssl x509 -in newcertificate.crt -outform der |openssl dgst -sha256 -binary |openssl enc -base64
But it doesn't generate output like debug in iOS library. I can of course get pinning from debug in library - but I would like to receive the same pinning using OpenSSL command.
If you're planning to have iOS load the certificate from a web page, you'll just need to ensure the web server provides the correct MIME type for it. For a pem formatted certificate, the MIME type is application/x-x509-ca-cert. If the MIME type is correct, iOS can accept a PEM-formatted certificate as-is, present some "are you sure to accept..." prompts and install it as a minimal "configuration profile" with just the certificate in it.
If you need to feed iOS both the certificate and the corresponding private key (i.e. you'd need the certificate not for verifying the identity of some service, but to actually use the certificate for authenticating into something), then you might want to package both the certificate and the key into a single PKCS#12 file (suffix .pfx or .p12), and serve it up as MIME type application/x-pkcs12. The conversion to PKCS#12 format can be done with the openssl pkcs12 -export command: see man pkcs12 for details.
Another option would be to wrap the certificate into an Apple-style "configuration profile" with a .mobileconfig suffix (and the corresponding MIME type application/x-apple-aspen-config). However, creating a .mobileconfig file is tricky unless you have some tool that can do it for you. The.mobileconfig file is an Apple plist, i.e. a XML file with a specific structure, and it can optionally be signed.
crt? (pemis very generic and doesn't tell you if it contains a key, a certificate, both or whatever. Beyond that, there's mostly ascii-armored and binary formats, but hopefully, the unterlying library will handle both.)