Did you add arbitrary loads for ATS (Apple Transport Security) like:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Please note that this is unsafe, you may want to customize your ATS rules by domain like:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>dl.dropboxusercontent.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
[UPDATE]
If we look better at the error we can see the key
NSURLErrorFailingURLPeerTrustErrorKey
Then a tech note by Apple about HTTPS Server Trust Evaluation may help.
Going though the docs we read
Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is
invalid. You might be connecting to a server that is pretending to be
“example.com” which could put your confidential information at risk."
UserInfo=0x14a730 {NSErrorFailingURLStringKey=https://example.com/,
NSLocalizedRecoverySuggestion=Would you like to connect to the server
anyway?, NSErrorFailingURLKey=https://example.com/,
NSLocalizedDescription=The certificate for this server is invalid. You
might be connecting to a server that is pretending to be “example.com”
which could put your confidential information at risk.,
NSUnderlyingError=0x14a6c0 "The certificate for this server is
invalid. You might be connecting to a server that is pretending to be
“example.com” which could put your confidential information at risk.",
NSURLErrorFailingURLPeerTrustErrorKey=}
Well, that's pretty that one, since the error -1202 in the NSURLErrorDomain domain is NSURLErrorServerCertificateUntrusted, due to a possibile issue with TSL.
So we need to check TSL at this point:
We check the certs via CLI:
$ openssl s_client -showcerts -host dl.dropboxusercontent.com -port 443
CONNECTED(00000003)
depth=2 /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=dl.dropboxusercontent.com
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/CN=dl.dropboxusercontent.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
---
SSL handshake has read 4569 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 50414926328455F36215516BEB0C40F1DD512C3C0989E0C090DC9277E754B35EFF0CE3AEA4D3FB524FFE071BE2D4426C
Key-Arg : None
Start Time: 1447281208
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed
and we can see here that this domain supports TLSv1/SSLv3,
We can do this online using SSL Server Test by SSL Quality Labs with the same good results here.
My wonder is if this issue is a duplicate of A couple users getting NSURLErrorServerCertificateUntrusted
But with the TSL checks above we can clearly see that the domain in question was ok.
So (simple) question
Did your phone time and date were correct?
