2

I'm now stuck with a HTTPS/SSL issue. I'm developing on Windows 10 / Java 8 v121 on Codename One.

When I tried to call a HTTP (without SSL) connection, I get rejected with a reference to [https://www.codenameone.com/blog/ios-http-urls.html]. I don't think the call even hit the server. I tried to include the "build hint" in my codenameone_settings.properties file but to no avail.

Next, I tried to use self-signed certificate and it generated a "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" exception. So, I thought the error was caused because my certificate was self-signed, but it wasn't...

Then I got a free certificate from [https://www.sslforfree.com/] and it is still causing the SAME exception message. However, this cerficate works fine with my Firefox browser. I'm also using Simple DNS Plus (for Windows) for the signed certificate domain name tested to work correctly in my Firefox browser (ie. correctly hit the server with no Insecure Connection message).

I'd like to understand how to:-

  1. Get the "build hint" to work for iOS (in the Codename One simulator) so it calls http (without ssl) connections.

  2. How to resolve the Java exception.

Thanks!

ikevin8me
  • 4,253
  • 5
  • 44
  • 84
  • What did you get when you call `http` instead of `https`? – Diamond Mar 09 '17 at 12:31
  • I get this output: "WARNING: Apple will no longer accept http URL connections from applications you tried to connect to http://localhost/accounts/login to learn more check out https://www.codenameone.com/blog/ios-http-urls.html" – ikevin8me Mar 09 '17 at 17:51
  • 1
    Check my answer below – Diamond Mar 09 '17 at 18:24
  • 1
    FYI I haven't tried it myself but I heard good things about https://letsencrypt.org/ – Shai Almog Mar 10 '17 at 06:04
  • I can recommend letsencrypt.org - been using it for webserver certs under ubuntu for a while now - certs need to be renewed every 90 days, but letsencrypt provides a nice way to automate that task. – Terry Wilkinson Mar 12 '17 at 00:17

1 Answers1

3

Just use http URL during the development stage and when you are ready to publish, buy a genuine SSL certificate and change the http to https. It's for your own good, as unencrypted Webservice call will make your app vulnerable to a man-in-middle attack.

To make your http work on iOS during dev stage, add this build hint:

ios.plistInject=<key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/></dict><key>CFBundleURLTypes</key><array><dict><key>CFBundleURLName</key><string>com.mycompany.myapp</string></dict><dict><key>CFBundleURLSchemes</key><array><string>MyApp</string></array></dict></array>

There was a similar question previously which I answered here.

Community
  • 1
  • 1
Diamond
  • 7,428
  • 22
  • 37
  • 1
    Thanks, buddy! The "build hint" is now working. (I did not change the pakcage name and app name last time) – ikevin8me Mar 10 '17 at 05:30