I have an application that connects fine over http. When trying https I got the error that say开发者_开发问答s that the root cert is not trusted. I found URLs for my site certificate, its CA certificate, and the CA's root certificate and have added them through Safari to the phone. Now when I go to Preferences -> General -> Profiles I can see all my certificates that go all the way up the chain. There is a red unsigned label on each certificate. Still when I connect I get the NSURLErrorServerCertificateUntrusted error. I'm trying to figure where to go next.
Any help would be great. The only other thing that may affect this, is that I am connecting to an odd port. So my url is www.domain.com:port. Does the port number create a certificate - domain name mismatch?
Now I have used the iPhone Configuration Utility to add a configuration profile to the phone. It has my root certificate, ca certificate, and site certificate. The profile on the phone says its verified. In the details I can see my three certificates. But when I try to connect, I still get the untrusted certificate error. Any suggestions?
Just trying to see if anyone else can help on this?
There is a supported API for ignoring bad certificates during NSURLConnection loads. To do so, simply add something like this to your NSURLConnection delegate:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
if (... user allows connection despite bad certificate ...)
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) later, after presenting a dialog box to the user if necessary, etc.
精彩评论