With the release of 4D 21 R3, we are bringing the power of the macOS Keychain to your HTTPS requests and agents, joining our existing support for the Windows Certificate Store.
The real breakthrough? 4D entirely masks the technical complexity. Unlike other development languages that require OS-specific logic, 4D allows you to use exactly the same code for both platforms. This unique abstraction is a massive time-saver, significantly reducing development and maintenance costs.
Whether you are implementing simple secure connections or advanced Mutual TLS (mTLS), you no longer need to worry about the underlying OS. You write the code once; 4D handles the rest.
Let’s see how this cross-platform harmony simplifies your certificate management.

What is the macOS Keychain?

The Keychain is macOS’s built-in password and certificate management system. It’s the secure place where the OS stores sensitive information like passwords, private keys, and certificates.

Until now, to use a specific client certificate in an HTTPRequest on macOS, you had to provide a certificate file on disk. With 4D 21 R3, you can now directly reference a certificate securely stored in the system or user macOS Keychain.

Why use it?

Using the system’s native certificate management offers several advantages:

• Enhanced Security: No need to store sensitive .pem or .p12 files on the file system where they might be improperly accessed.

• Centralized Management: Use the same certificates as the OS and other native applications.

• Deployment Ease: It’s much easier to let a system administrator deploy certificates via MDM (Mobile Device Management).

How to use it?

If you read our previous post about the Windows Certificate Store, you’ll find the syntax very familiar: it’s exactly the same code!

To use a certificate from the Keychain, you simply use the storeCertificateName property of the options object passed to the new() function. Here’s the code example:

var $options:={storeCertificateName: "myCertificateName"}
var $request:=4D.HTTPRequest.new($url; $options)

Of course, you can also set the certificate name for an HTTP agent, as shown in the following example:

var $options:={storeCertificateName: "myCertificateName"}
var $agent:=4D.HTTPAgent.new($options)
var $request:=4D.HTTPRequest.new($url; {agent: $agent})

Just like on Windows, you identify the certificate by its name (Common Name), and 4D will look for it in the user’s or system’s available keychains.

Installing a Certificate in macOS

Registering a certificate in the macOS Keychain is quite simple. The easiest way is to use a PKCS#12 certificate, which contains both a private key and an identity certificate. Many tools can generate these certificates.

Open the macOS Keychain access and just drop the PKCS#12 certificate file in the account you want, as shown in the video below.

That’s it! The certificate is safely stored and ready to be used in 4D!

Depending on the certificate Access Control settings, the use of the certificate may request the administrator password. Check the Apple documentation about these settings.

What’s next?

This feature completes the bridge between 4D and native OS certificate management for both platforms. Whether your users are on Windows or macOS, you can now provide a seamless and secure authentication experience.

Do you have any questions or feedback? Feel free to join the discussion on the 4D Forums!