The certificate for this server is invalid

StackOverflow https://stackoverflow.com/questions/21197834

Question

I know that if I use following nsurlconnectiondelegate it will be fixed

– connection:willSendRequestForAuthenticationChallenge: – connection:canAuthenticateAgainstProtectionSpace

But I am trying to use

sendAsynchronousRequest:queue:completionHandler:

So you don't get the callback. I looked into apple docs it say following

If authentication is required in order to download the request, the required credentials must be specified as part of the URL. If authentication fails, or credentials are missing, the connection will attempt to continue without credentials.

I could not figure out how to do that. When I looked up all I got is this private call

+(void)setAllowsAnyHTTPSCertificate:(BOOL)inAllow forHost:(NSString *)inHost;

Any idea how to do this?

Following is the error I get

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com=0x8b34da0 {NSErrorFailingURLStringKey=https://example.com/test/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://example.com/test/, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com” which could put your confidential information at risk., NSUnderlyingError=0xa26c1c0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=

Was it helpful?

Solution 4

you can't fix it with the way you are trying

  • either drop to CFNetworking to allow bad certs
  • use NSConnection with a delegate and an undoc'd method
  • use the private API you found

all not good. CFNetwork would have to be OK for apple for now but the other 2 methods aren't even appstore-safe

Better get the server fixed. Thats the easiest and CLEANEST

OTHER TIPS

The webserver which you are using is asking for Server Trust Authentication, you need to properly respond with the appropriate action. You need to implement connection:willSendRequestForAuthenticationChallenge: delegate method and use SecTrustRef to authenticate it.

More information can be found here:- https://developer.apple.com/library/ios/technotes/tn2232/_index.html

This was my code to fix error:

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];

    id<NSURLAuthenticationChallengeSender> sender = [challenge sender];

    if ([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        SecTrustRef trust = [[challenge protectionSpace] serverTrust];

        NSURLCredential *credential = [[NSURLCredential alloc] initWithTrust:trust];

            [sender useCredential:credential forAuthenticationChallenge:challenge];
    }
    else
    {
        [sender performDefaultHandlingForAuthenticationChallenge:challenge];
    }
}

Try this.

Initiate your session using custom session config as shown below:

let session = URLSession(configuration: URLSessionConfiguration.ephemeral,
                                 delegate: self,
                                 delegateQueue: nil)

Implement the following delegate callback method:

public func urlSession(_: URLSession, task _: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    guard let serverTrust = challenge.protectionSpace.serverTrust else {
        return completionHandler(URLSession.AuthChallengeDisposition.useCredential, nil)
    }
    return completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust))
}

If you are using AFNetworking, you can use this code:

(Just as a temp client-side solution!)

AFHTTPSessionManager * apiManager = [AFHTTPSessionManager initWithBaseURL:[NSURL URLWithString:baseURL];
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
policy.allowInvalidCertificates = YES;
apiManager.securityPolicy = policy;

This issue cannot be fixed with the way you are trying with blocks. you need to set delegates and implement the authentication challenge delegates to bypass the certificate validation. Best solution is to either create a right certificate (make sure it is not self-signed) or change the protocol to HTTP if you are fine with it.

In my case, this error occurred due to my firewall blocked the required url. it's worked fine after removing firewall restrictions

That is a certificate error. you need to change your settings so that your program/os ignores the certificate, or add the url/certificate to a trusted list.

Sorry that is authentication, certificate is authentication. I took a look, and I found this article.

Not sure if it will resolve your issue, but it basically states, that they don't cover the case of connecting to a site with how a certificate in the documentation.

http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/

In my case, this error occurred due to my system date. It was set as an old date, and the certificate is not effective from that old date. After correct the date, it works.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top