How to use self signed certificate at iOS app

10
votes

Basically our iOS app needs to communicate with a server which has a self signed certificate for now. In my app, the https is failing with untrusted server certificate which is understandable. The error is like this:

Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my host name here” which could put your confidential information at risk."

So I sent the self signed certificate via email to the iOS device and imported into the profiles and hoping that it would be used as part of root CA for https authentication. To my surprise, it is not and I am still getting the same error. I think that iOS would be default to use root CAs at keychain to validate the server certificate and from what I read, the imported certificate at profiles are at keychain as well. So I could not understand why my imported self signed certificate is not used as root CA.

At this point, I don't really want to trust this self signed certificate via the coding like this iOS authenticate HTTPS with self-signed certificate or In iOS, how to connect to a server using https with self-signed certificate on the server? since this won't work in customer case where they would install our server on their network and they could create their own self signed certificate.

Somehow I didn't really get much information around this from searching. Could anyone shed some lights here and what I need to do to debug this? Thanks very much.

Update on July 15:

More update around this. I also tried to use configuration profile to add a self signed CA to root CA at the iOS device by following Adding Trusted Root Certificate Authorities to iOS , from my testing on 6.0 iPad and iPhone, it doesn't work as well. So not sure if that only works on jail broken device or not. In the end, I end up by allowing user to import a self signed certificate into the app. The app would load such imported certificate for certificate verification similar to this In iOS, how to connect to a server using https with self-signed certificate on the server?. Hope that it would help others in this case.

1
iphoneioskeychainself-signed
I had the same problem in my case "Common Name" of the certificate is not same as domain name of the URL for which I am doing https.... fixing the common name solved itDurai Amuthan.H

1 Answers

2
votes

looking at the first tutorial you linked to you should be able to use that or some more advanced form of that and once you have tested and have it working then all you have to do for a client to create and add their own certificate would be to override/replace the localhost.cer file in the apps folder where the file localhost.cer "or whatever name scheme you use" is located. there are many ways to do this but one could be telling the app a link where the certificate is online for download and once downloaded, then replace.

Any questions I'll try and help further but hopes this helps you in the right direction.