Https iOS with Self Signed Certificate

Https iOS with self signed certificate

By default, Cocoa refuses all SSL connections when the certificate is invalid.

However, you can force it to accept invalid certificates as well. The method depends on which library/framework you are using. For example:

  • For NSURLConnection, check this answer.
  • For ASIHTTPRequest, you need to set the property validatesSecureCertificate to NO.
  • For AFNetworking, you can check the code to use in this page.
  • For CFNetwork, the low-level Foundation framework, check this sample code.
  • For SURLConnection, which looks like you're using, you need to follow the same instructions for NSURLConnection. Indeed, SURLConnection is just a subclass of NSURLConnection.

Important note:
The code above, to accept any kind of SSL certificate, even if invalid, is a serious security risk. Basically, it makes the whole SSL useless. As a consequence, you should use that code only during development, if you really need to test with SSL connections.

Please also note that Apple will reject any application submitted to the App Store that accepts invalid SSL certificates.
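
A narrower alternative for development against a self-signed server, as an added example that is not part of the original answer: an NSURLSession delegate that trusts one bundled certificate for one host and leaves normal validation in place for everything else. The class name DevTrustDelegate, the host dev.example.test and the bundled file dev-server.cer are assumptions, and SecTrustEvaluateWithError requires iOS 12 or later.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Assumed names (not from the original page): DevTrustDelegate, the host
// dev.example.test, and dev-server.cer (DER certificate in the app bundle).
@interface DevTrustDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation DevTrustDelegate
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Anything other than a server-trust challenge for the one development
    // host keeps the system's default certificate validation.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] ||
        ![space.host isEqualToString:@"dev.example.test"]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    // Load the self-signed certificate shipped with the app; fail closed if missing.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"dev-server" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef pinned = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (pinned == NULL) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    // Accept only that certificate as a trust anchor, then run the regular
    // trust evaluation against it instead of skipping evaluation.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[(__bridge id)pinned];
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);
    CFErrorRef error = NULL;
    BOOL ok = (status == errSecSuccess) && SecTrustEvaluateWithError(trust, &error);
    if (error) CFRelease(error);
    CFRelease(pinned);
    if (ok) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:trust]);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}
@end
```

Pass an instance as the delegate when creating the session with sessionWithConfiguration:delegate:delegateQueue:. A server presenting any other certificate for that host is rejected.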

Self-signed certificates on iOS

When using Cordova on iOS, if you want to use self-signed certificates you have to add this code to your app.

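// Category on NSURLRequest: answers YES for every host, so certificate
// validation is skipped for all of the app's connections.
@implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end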

So that's probably what this means

The reason is that accepting self-signed certificates bypasses the
certificate chain validation, which allows any server certificate to
be considered valid by the device.

Unlike Android, this is all or nothing: once you add that, all the validations are skipped.

Adding that only affects your app, not other apps, but it affects all the connections your WebView makes. So it makes your app highly insecure, as people could easily do man-in-the-middle attacks.

Self-Signed CA not trusted in iOS 13 anymore

Nothing is known about your certificate, but it might be that it does not meet the new requirements introduced in iOS 13. "Requirements for trusted certificates in iOS 13 and macOS 10.15" describes these; they include that RSA keys must be at least 2048 bits and that it is no longer possible to use SHA-1 as the signature algorithm.


