I am running a Tomcat server to develop and test a native iOS app. The server is presenting a certificate signed with a private CA. This is Apple's recommendation for test servers rather than using self-signed certificates. I have tested the certificate at sslshopper.com and it shows that the certificate has a CA chain. The root CA certificate has been installed on the simulator.
Initially, without any ATS exceptions, my app gives me the following:
The error is the usual:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
This error is usually the result when the app encounters a self-signed certificate. As I said above, the certificate is not self-signed.
After adding an exception domain to the app's plist, I get this:
This is usually what we see for certificates with an invalid CN. I have verified that the CN is correct in the certificate.
The error is:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
I couldn't find the error in the Apple docs and finally had to resort to looking it up in the header file. It is as follows:
errSSLNoRootCert = -9813, /* cert chain not verified by root */
Since the chain is present and the root certificate is installed on the simulator, I'm not sure what this error means. I did notice when installing the root certificate that it would not be usable until it was enabled in the Certificate Trust Settings, but the only live content on that pane in the simulator is a link to the Apple developers site. I went to my test site in Safari and was able to access it after confirming the certificate exception. The root certificate profile says that it is verified (green checkmark).
Any help is appreciated.