2

I want to login by using web service.

My website is https based. I am using following tutorial.

http://agilewarrior.wordpress.com/2012/02/01/how-to-make-http-request-from-iphone-and-parse-json-result/

Following code is working fine.

responseData = [NSMutableData data];
NSURLRequest *request = [NSURLRequest requestWithURL:
                         [NSURL URLWithString:@"https://maps.googleapis.com/maps/api/place/search/json?location=-33.8670522,151.1957362&radius=500&types=food&name=harbour&sensor=false&key=AIzaSyAbgGH36jnyow0MbJNP4g6INkMXqgKFfHk"]];
[[NSURLConnection alloc] initWithRequest:request delegate:self];

but my code is 

responseData = [NSMutableData data];
NSURLRequest *request = [NSURLRequest requestWithURL:
                         [NSURL URLWithString:@"https:myurl/login?userId=username&password=111111"]];
[[NSURLConnection alloc] initWithRequest:request delegate:self];

and it give error 

Connection failed: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be --My URL-- which could put your confidential information at risk." UserInfo=0xa294260 {NSErrorFailingURLStringKey=https://mywebsite/login?userId=username&password=111111, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://mywebsite/login?userId=username&password=111111, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be --My URL-- which could put your confidential information at risk., NSUnderlyingError=0xa5befc0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be --My URL-- which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0xa5768d0>}
Jano
  • 62,815
  • 21
  • 164
  • 192
Arahim
  • 303
  • 1
  • 6
  • 14

2 Answers2

5

What's happening is that your certificate is not valid (in the point of view of your app). If you want to take the risk, you can add the following code.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
NSArray * trustedHosts = @[@"your domain"];
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    if ([trustedHosts containsObject:challenge.protectionSpace.host])
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];

[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

So the certificate will be ignored. (remember to replace "your domain", with your domain.)

Gonzo
  • 1,533
  • 16
  • 28
1

This is an issue with the website you're connecting to, not the code. If it does not have a known certificate, it will be treated as a security risk.

JMarsh
  • 934
  • 7
  • 19
  • No problem. I [found a similar question](http://stackoverflow.com/questions/12347410/iphone-secure-restfull-server-the-certificate-for-this-server-is-invalid) that may help you out, it seems as if it has some relevant answers. There is a way to ignore it, which is what someone else posted here, but is it not recommended. – JMarsh Feb 21 '13 at 20:04
  • @JMarsh im getting this error while requesting the google places autocomplete api. so how to add my certificate? – Qadir Hussain Sep 25 '14 at 08:11