如何在iOS应用程序中使用自签名证书
[英]How to use self signed certificate at iOS app
问题描述
Basically our iOS app needs to communicate with a server which has a self signed certificate for now. 
基本上我们的iOS应用程序需要与具有自签名证书的服务器进行通信。 In my app, the https is failing with untrusted server certificate which is understandable. 在我的应用程序中,https使用不受信任的服务器证书失败,这是可以理解的。 The error is like this: 错误是这样的:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my host name here” which could put your confidential information at risk."
So I sent the self signed certificate via email to the iOS device and imported into the profiles and hoping that it would be used as part of root CA for https authentication. 因此,我通过电子邮件将自签名证书发送到iOS设备并导入到配置文件中,并希望它将作为根CA的一部分用于https身份验证。 To my surprise, it is not and I am still getting the same error. 令我惊讶的是,它不是,我仍然得到同样的错误。 I think that iOS would be default to use root CAs at keychain to validate the server certificate and from what I read, the imported certificate at profiles are at keychain as well. 我认为iOS默认使用钥匙串上的根CA来验证服务器证书,从我读到的,配置文件中导入的证书也是钥匙串。 So I could not understand why my imported self signed certificate is not used as root CA. 所以我无法理解为什么导入的自签名证书不用作根CA.
At this point, I don't really want to trust this self signed certificate via the coding like this iOS authenticate HTTPS with self-signed certificate or In iOS, how to connect to a server using https with self-signed certificate on the server? 此时,我真的不想通过这样的编码来信任这个自签名证书,例如iOS使用自签名证书验证HTTPS,或者在iOS中,如何使用https在服务器上使用自签名证书连接到服务器? since this won't work in customer case where they would install our server on their network and they could create their own self signed certificate. 因为这不适用于他们将在我们的网络上安装我们的服务器的客户案例,他们可以创建自己的自签名证书。
Somehow I didn't really get much information around this from searching. 不知怎的,我从搜索中得到的信息并不多。 Could anyone shed some lights here and what I need to do to debug this? 任何人都可以在这里发光,我需要做些什么来调试这个? Thanks very much. 非常感谢。
Update on July 15: 7月15日更新:
More update around this. 更多关于此更新。 I also tried to use configuration profile to add a self signed CA to root CA at the iOS device by following Adding Trusted Root Certificate Authorities to iOS , from my testing on 6.0 iPad and iPhone, it doesn't work as well. 我还尝试使用配置文件将自签名CA添加到iOS设备上的根CA,方法是在iOS上添加受信任的根证书颁发机构 ,从我在6.0 iPad和iPhone上测试,它也不起作用。 So not sure if that only works on jail broken device or not. 所以不确定这是否仅适用于监狱破坏的设备。 In the end, I end up by allowing user to import a self signed certificate into the app. 最后,我最终允许用户将自签名证书导入应用程序。 The app would load such imported certificate for certificate verification similar to this In iOS, how to connect to a server using https with self-signed certificate on the server? 该应用程序将加载此类导入证书以进行类似于此的证书验证在iOS中,如何使用服务器上带有自签名证书的https连接到服务器? . 。 Hope that it would help others in this case. 希望在这种情况下它能帮助别人。
1 个解决方案
解决方案1
2 2013-07-15 19:39:10
looking at the first tutorial you linked to you should be able to use that or some more advanced form of that and once you have tested and have it working then all you have to do for a client to create and add their own certificate would be to override/replace the localhost.cer file in the apps folder where the file localhost.cer "or whatever name scheme you use" is located. 看看你链接到你的第一个教程应该能够使用它或一些更高级的形式,一旦你测试并让它工作,那么你只需要为客户创建和添加自己的证书就可以了覆盖/替换文件localhost.cer“或您使用的任何名称方案”所在的apps文件夹中的localhost.cer文件。 there are many ways to do this but one could be telling the app a link where the certificate is online for download and once downloaded, then replace. 有很多方法可以做到这一点,但可以告诉应用程序一个链接,证书在线下载,一旦下载,然后更换。
Any questions I'll try and help further but hopes this helps you in the right direction. 任何问题,我会尝试进一步帮助,但希望这可以帮助您朝着正确的方向前进。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.