24

Hi I receive the following error:

Error Domain=NSURLErrorDomain Code=-1202 \"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server-prod.name-cloud.com” which could put your confidential information at risk.\" UserInfo={NSErrorFailingURLStringKey=https://server-prod.name-cloud.com /v3/project/session/926B9E6BE31B/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://server-prod.name-cloud.com /v3/project/session/926B9E6BE31B/, _kCFStreamErrorCodeKey=-9843, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server-prod.name-cloud.com” which could put your confidential information at risk.}

I read all the relevant docs, we apply all the requirements in "Common Failures" section.

More details:

  • the errors received only from Germany(except 4 times in the past 2W that was from Italy)
  • It is not reproducible in house
  • Eventually after tons of retries the uploads go throw
  • This was received booth in iOS 10.x.x & 9.x.x
  • I use amazon servers with 2016-08 SSL Security Policies, so according to apple it should be OK

In the app I use:

<key>NSAppTransportSecurity</key>
   <dict>
      <key>NSAllowsArbitraryLoads</key>
   <true/>
</dict>

note - in production I always use HTTP’s, I leave the NSAllowsArbitraryLoads because some testers offshore can switch the rout to HTTP for debugging.

Bar
  • 603
  • 1
  • 7
  • 19
  • 1
    You read it [(http://lithium3141.com/blog/2015/08/21/shipping-an-app-with-app-transport-security/](http://lithium3141.com/blog/2015/08/21/shipping-an-app-with-app-transport-security/) – SG iOS Developer Dec 19 '16 at 20:45

3 Answers3

43

For the devs who are working with a server locally and need to get the iOS Simulator to trust the certificate. Follow the steps below:

  1. Get the .cer file by exporting the certificate from the Keychain. You need the certificate file in a valid format and its easiest to get this by exporting it from the Keychain.

  2. Drag and drop the aforementioned .cer file onto the simulator. It should give you a prompt on installing a "Profile". Go ahead and follow the instructions to install it.

  3. For those who are working with the latest versions of Xcode and iOS Simulator. You need to do 1 last step. The Simulator must be explicitly told to trust the root CA. Do this by going to General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

Hopefully, this saves headaches for some people!

pkamb
  • 33,281
  • 23
  • 160
  • 191
Gautham C.
  • 1,135
  • 11
  • 12
  • 5
    The "Enable Full Trust for Root Certificate" option is not present on my simulator running ios 10.3 – Jesus Rodriguez Jul 07 '17 at 23:43
  • 2
    In my case, the option to "Enable Full Trust for Root Certificate" appears only for root certificates. It does not appear for intermediate or leaf certificates. – John Girata Sep 07 '17 at 00:31
  • I followed the steps above, but still getting the error. Does this solution work only for a server hosted on the same machine, as that of the simulator? Basically, for me, the server resides on another machine, but in the local network where I can access it by passing IP address. For some reasons, I cannot run an instance of the server on my machine. – Harish J Dec 26 '17 at 09:58
  • Also come unstuck at step 3. :( (latest Xcode) .. I can't see my cert in the 'Certificate Trust Settings' list, only in General -> Profiles – Jonny Nott Apr 04 '19 at 13:24
  • It appears that on 12.2 (probably earlier versions as well) the procedure is now to go to general > profiles, select the cert, and hit install in the upper right – MaxPRafferty Jun 27 '19 at 18:24
  • it worked for me, added proxy server's self signed certificate to simulator, installed it from settings and enabled full trust. – Milan Manwar Jan 01 '20 at 06:19
  • but what would happen in production?, and won't the App Review process reject it? – Andy Nadal Nov 25 '21 at 17:26
  • @AndyNadal, this is purely for working locally. It's bad practice to ask your end users to manually add unknown root CAs to a device to be able to use your production application. Instead, what you would do is ensure your certificates are signed by an existing trusted CA – Gautham C. Jul 29 '22 at 16:46
1

If you're on a work laptop with any kind of security measures, the SSL certs may be getting inspected / MITM'd by the endpoint protection.

Try opening any web page in mobile Safari. I get these same NSURLErrorDomain Code=-1202 errors there as I do for https API requests from Xcode in iOS Simulator.

Solution will be to turn off this security feature...

Or install a certificate: https://developer.apple.com/library/archive/qa/qa1948/_index.html

Similar issue is asked here: iOS Simulator not works on https, all https are evaluated as not trusted

enter image description here enter image description here

pkamb
  • 33,281
  • 23
  • 160
  • 191
-2

It took a lot of time for me to find a fix for this:

If any of us ran across the certificate issue,. It is because of antivirus preventing iPhone simulator to browse any websites.I was able to fix this issue by the following steps:

  1. uninstall or turn off Antivirus in Mac.
  2. erase all content and settings of simulator.
  3. restart mac.
satish
  • 157
  • 1
  • 2