I want to be able to install a client certificate (via email, for example) and then use that certificate to authenticate requests sent by my app. I have the feeling that Apple won't allow that kind of access, but can't find any definite answer. Is that true, or is there a way to access client certificates installed on the device from within an app?
Edit: To clarify, this is a native app, not a webapp.
Your app can use only what you store in its own keychain (or keychains of other 3rd party apps that share the same provisioning certificate). As for the actual loading we do use openssl (we did write a obj-c wrapper around it) to decode the .p12 that we send to the app.
The certificates loaded in seting->general->profiles are protected in some way only built-in apps (mail, safari) can add stuff there.