"Server certificate untrusted" error in iPhone application

I had the same problem!

Did you install there "Intermediate Certificate Bundle"? If you don't then you will get the untrusted server certificate on all mobile platforms (and some PC ones as well).

Web Site Quote:

Before you install your issued SSL certificate you must download and install our intermediate certificate bundle on your Web server. You may also download the bundle from the repository.

Check out the GoDaddy SSL install instructions for your web server setup.

The Intermediate Certificate Bundle can be found here.

It looks like everything checks out with the installation of the certificate. All of the Intermediate certificates are being sent by the server: http://www.sslshopper.com/ssl-checker.html?hostname=api.serverdensity.com

Please verify the Date and time setting of your iPhone or iPod, if you are facing the error saying "untrusted server certificate".

After correcting the Date and Time from iPhone/iPod "Setting". It will automatically takes care all applications(i.e. Yahoo messenger, Citrix, Push mail ....etc) encounters "Untrusted server certificate" issue. Just give try. Hope it will be a little help for you. Thanks.

Early iOS and android devices came with a smaller-than-desktop-browser database of root certs. You need to concatenate your intermediate CA certs with your server cert and have the web server send them all down to the phone. Later iOS and android releases fix this by including more ca certs on-device.

I have actually seen this with my own app which also uses a godaddy cert - and yes I have installed the intermediate certs on my server.

It's rare, but this can happen if the user goes onto a wifi hotspot which interjects its login page to the connection attempt. It's actually correct behaviour for SSL, and it's caused by the hotspot effectively doing a man-in-the-middle redirection for your URL.

They can fix it by first going into Safari and getting the connection working.

OS3.0 is supposed to do some automatic login to this kind of hotspot but in my experience it doesn't always work.

edit: to add, before I used SSL I used to detect this for plain http and put up an appropriate error message. It is probably advisable to catch this error in your app and put up a similar message 'you may be connected to a hotspot which requires you to login', etc. Now that you've reminded me, I need to do that in my own app.

We were previously using a "hardcoded" method of authentication using basic HTTP AUTH when connecting to our API:

NSString *requestURL = [NSString stringWithFormat:@"https://%@:%@@api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", username, password, account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0];

but switched to using a "proper" method in our latest update:

NSString *requestURL = [NSString stringWithFormat:@"https://api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:60.0];

using NSURLCredential to correctly handle the HTTP authentication. Following this update, the certificate error disappeared for the user concerned.

I saw the same error message on a jailbroken test phone I had, but not on my other test phones. I never investigated it further, but thought I would mention in case that helps...

I would confirm that your phone can load any https:// urls without warning. I have an old 3.1.3 iPhone that for some reason warns about every cert it encounters. Not sure what the reason is but it makes it almost useless for testing of my web service.