HTTPS with a self-signed certificate in the application keychain

Question

HTTPS with a self-signed certificate in the application keychain

I need to connect an iPhone application to a server with a self-signed certificate through HTTPS. I cannot change the certificate or server.

Since I do not want to accept all self-signed certificates, only this, my idea was to import the certificate into keychain applications (reading the certificate from a file and adding it to the keychain using SecItemAdd).

If I run the application in the simulator, install the certificate, and then search for the keyword (using SecItemCopyMatching) in it, the certificate is found, but the connection still fails with the "untrusted server certificate" error.

Is this a problem with the simulator or my application? Do I need to do something for this to work? Or can I assume that if I add a certificate to the keychain on a real device, the connection to the server will be successful (I use NSURLConnection.sendSynchronousRequest)?

Thanks for any help!

+3

iphone keychain self-signed

jelenaasche Jan 13 '10 at 13:00

source share

2 answers

Morion · Answer 1 · 2010-01-13T13:22:45+0000

You can use the ASIHTTPRequest library. This allows you to ignore certificate verification by setting the property of the validatesSecureCertificateobject ASIHTTPRequestto NO.

Vipera berus · Answer 2 · 2011-03-23T09:26:25+0000

This should work with some caveats in the simulator, see the Apple AdvancedURLConnections sample code example.

HTTPS with a self-signed certificate in the application keychain

More articles: