9

I am trying to get a self-signed certificate to work with my application.

I am using the ASIHTTPRequest library at the moment like so :

- (IBAction)sendHttpsRequest
{    
    //Set request address
    NSMutableString *databaseURL = [[NSMutableString alloc] initWithString:@"https://142.18.87.46:443"];

    //call ASIHTTP delegates (Used to connect to database)
    NSURL *url = [NSURL URLWithString:databaseURL];

    //This sets up all other request
    ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];

    [request setDelegate:self];
    [request setValidatesSecureCertificate:YES];
    [request startAsynchronous];
}

I have set setValidatesSecureCertificate to YES in the hope that something would happen but obviously nothing has because I'm not sure what I have to do.

This is the error I'm getting in my log

2011-12-06 14:27:33.514 connectionTest[916:207] Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)" UserInfo=0x683a860 {NSUnderlyingError=0x68390d0 "The operation couldn’t be completed. (OSStatus error -9807.)", NSLocalizedDescription=A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)}

Any help would be greatly appreciated.

David Gelhar
  • 27,873
  • 3
  • 67
  • 84
C.Johns
  • 10,185
  • 20
  • 102
  • 156
  • I have just read on the asihttprequest site these functions might help me http://allseeing-i.com/ASIHTTPRequest/How-to-use#client_certificates – C.Johns Dec 06 '11 at 01:41

1 Answers1

30

I have set setValidatesSecureCertificate to YES in the hope that something would happen but obviously nothing has because I'm not sure what I have to do.

This is the problem. It defaults to YES and you need to set it to NO. As your certificate is self-signed, iOS can't validate the certificate - there is no trusted authority in the system that has signed the certificate, so it has no basis for saying that it is valid. So if you ask it to validate the certificate (which is the default), it has to reject it. You have to disable certificate validation to get self-signed certificates to work.

Jim
  • 72,985
  • 14
  • 101
  • 108
  • So by setting the validation to No what effect dose that have on the future communications with the server? – C.Johns Dec 06 '11 at 01:49
  • It skips the validation of the certificate. There's no great mystery - normally it validates the certificate, setting the property to `NO` means it won't. – Jim Dec 06 '11 at 02:06
  • yea. I guess it also skips the encryption then. thanks for the help. – C.Johns Dec 06 '11 at 03:05
  • 6
    It skips the validation of the certificate. That's it. It doesn't skip the encryption. It doesn't "change the future communications with the server". You are telling it to skip validation of the certificate and it is doing so. Please, if you need to use a secure channel to communicate with a web service, take some time to understand the protocol you are using. Don't just randomly change stuff in the hopes of getting it to work. If you're using HTTPS, presumably this is supposed to be secure, and it's not going to be if you don't understand what you are doing. – Jim Dec 06 '11 at 12:14
  • 2
    I know this is a really old post, but I am going through using SSL Self-Signed Certificates. It appears that turning off "setValidatesSecureCertificate" (setting it to NO) and using Self Signed certificates leaves you open to man in the middle attacks. – Mausimo Nov 22 '13 at 00:08