Https iOS with self signed certificate

Question

I have a server with a self signed certificate . I want to connect my device with the server with https form . I hear that I must just accept the connexion . But I don t know how . I have a self signed certificate because it is a test server. But I want to access it with https form? When I try to access with https I have an error :

SURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

Then it is a self signed certificate .

Someone can help me ?

What is generating that error message? – binki Oct 17 '14 at 18:46 — binki, Oct 17 '14 at 18:46

score 22 · Accepted Answer · edited May 23 '17 at 12:25

22

By default, Cocoa refuses all SSL connections when the certificate is invalid.

However, you can force them to accept also invalid certificates. The method depends on which library/framework you are using. For example:

For NSURLConnection, check this answer.
For ASIHTTPRequest, you need to set the property validatesSecureCertificate to NO.
For AFNetworking, you can check the code to use in this page
For CFNetwork, the low-level Foundation framework, check this sample code.
For SURLConnection, which looks like you're using, you need to follow the same instructions for NSURLConnection. Indeed, SURLConnection is just a subclass of NSURLConnection.

Important note:
The code above, to accept any kind of SSL certificate, even if invalid, is a serious security risk. Basically, it makes the whole SSL useless. As a consequence, you should use that code only during development, if you really need to test with SSL connections.
Please also note that Apple will reject any application submitted to the App Store that accepts invalid SSL certificates.

edited May 23 '17 at 12:25

Community

1
1

answered Mar 26 '14 at 22:03

ItalyPaleAle

7,185
6
42
69

Hi Qualcuno, thank you for your answer. But I don't use any framework/library. Must I ? And how integrate a new framework to my app ? – Mcr67 Mar 27 '14 at 09:36
1

It's not possible you're not using a framework. The simplest one is NSURLConnection, part of Cocoa (built-in into the system), but there are more. – ItalyPaleAle Mar 27 '14 at 14:50
Thank you . How install NSURLConnection ? Just past ? After that, What I ve to do ? Can tell me ? Thank you – Mcr67 Apr 01 '14 at 14:54
You do not install NSURLConnection...! Who wrote the code you're trying to fix? – ItalyPaleAle Apr 01 '14 at 23:23
I don't have code . I just want to allow https connection with my server (with self -signed certificate ) and I not find a solution – Mcr67 Apr 02 '14 at 14:34
I swear I do not understand then. If you're not looking for coding help, then you're probably on the wrong site. – ItalyPaleAle Apr 02 '14 at 14:48
I ' m sorry but i don't understand to. No, I 'm not looking for coding help. I just wan't to understand. For the moment, in my project, I don't have any framework ? How integrate that ? Juste paste it ? After that ? I 'm sorry if you don't understand – Mcr67 Apr 03 '14 at 06:38
@ItalyPaleAle Where does apple state that they reject applications that accept invalid SSL certificates? I couldn't find it on their website ;( – Falaen Aug 09 '21 at 15:33

Durai Amuthan.H · Answer 2 · 2016-06-21T17:36:48.820

2

Certificate configuration:

You have to install the Self Signed Certificate or CA on the device in order for the device to trust it then only device trusts the SSL connection.

In the case of installing self signed certificate make sure domain name of the URL is same as Common name of certificate.

If there is no domain name then IP address is fine.

Certificate installation:

You can just host it on the web server and try to access it from safari then iOS will prompt for the certificate installation in the iOS Device

Certificate Creation:

Here is the way to create self signed certificate so that you can fill all the details and host in web server.

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 1001 -nodes

(Pay attention while entering the value for Common Name)

edited Jun 21 '16 at 17:36

answered Jun 21 '16 at 17:31

Durai Amuthan.H

31,670
10
160
241

Your second method is wrong. When Safari prompts you to install certificate, certificate is installed in Safari (only Safari will use it). That means that after that installation you still won't be able to use connect in your app. What's worst - to remove certificate from Safari you have to (since ~iOS 7) reset all device's settings. For proper installation you should for example sent your certificate via email and open file on iPhone. – franiis Oct 28 '16 at 07:30
@franiis - It will be used app as well.Give a try – Durai Amuthan.H Oct 28 '16 at 15:42

Https iOS with self signed certificate

2 Answers2

Linked