Home/ Questions/Q 537847
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T09:58:12+00:00

I have an application that connects fine over http. When trying https I got

  • 0

I have an application that connects fine over http. When trying https I got the error that says that the root cert is not trusted. I found URLs for my site certificate, its CA certificate, and the CA’s root certificate and have added them through Safari to the phone. Now when I go to Preferences -> General -> Profiles I can see all my certificates that go all the way up the chain. There is a red unsigned label on each certificate. Still when I connect I get the NSURLErrorServerCertificateUntrusted error. I’m trying to figure where to go next.

Any help would be great. The only other thing that may affect this, is that I am connecting to an odd port. So my url is http://www.domain.com:port. Does the port number create a certificate – domain name mismatch?

Now I have used the iPhone Configuration Utility to add a configuration profile to the phone. It has my root certificate, ca certificate, and site certificate. The profile on the phone says its verified. In the details I can see my three certificates. But when I try to connect, I still get the untrusted certificate error. Any suggestions?

Just trying to see if anyone else can help on this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There is a supported API for ignoring bad certificates during NSURLConnection loads. To do so, simply add something like this to your NSURLConnection delegate:

    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
  return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
  if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    if (... user allows connection despite bad certificate ...)
      [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];

  [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

    Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) later, after presenting a dialog box to the user if necessary, etc.

    • 0