[英]Titanium - "The certificate for this server is invalid. You might be connecting to a server that is pretending to be DOMAIN.COM”
I am developing an app for iOS using Titanium Appcelerator. 我正在使用Titanium Appcelerator开发适用于iOS的应用程序。 I am struggling with securing the connections to my server.
我正在努力确保与服务器的连接安全。 I bought a UCC certificate to protect my server (and other websites) and installed it.
我购买了UCC证书来保护我的服务器(和其他网站)并安装了它。 When I go on any browser, it displays that the connection is secured.
当我使用任何浏览器时,它显示连接已安全。
Now, when I try to create a connection from the app to my server, I get the following error: 现在,当我尝试创建从应用程序到服务器的连接时,出现以下错误:
The certificate for this server is invalid.
该服务器的证书无效。 You might be connecting to a server that is pretending to be DOMAIN.COM
您可能正在连接到假装为DOMAIN.COM的服务器
I've tried with other secured domains, and it works fine. 我已经尝试过其他安全域,并且效果很好。 I am using Ti.Network.createHTTPClient to create my connections.
我正在使用Ti.Network.createHTTPClient创建我的连接。 Does anyone have any idea about that problem?
有人对这个问题有任何想法吗? Is there something I'm missing here?
我在这里想念什么吗?
You should use a securityManager
to communicate with a secured website. 您应该使用
securityManager
与受保护的网站进行通信。 Below is the simple example from the documentation . 以下是文档中的简单示例。 The certificate should be provided as a X.509 certificate file in DER binary format.
证书应以DER二进制格式作为X.509证书文件提供。
Disclaimer: The appcelerator.https
module is a paid feature! 免责声明:
appcelerator.https
模块是一项付费功能!
// Require in the module
var https = require('appcelerator.https'),
securityManager,
httpClient;
// Use the module to create a Security Manager that authenticates the specified URLs
securityManager = https.createX509CertificatePinningSecurityManager([
{
url: "https://dashboard.appcelerator.com",
serverCertificate: "dashboard.appcelerator.com.der"
},
{
url: "https://www.wellsfargo.com",
serverCertificate: "wellsfargo.der"
}
]);
// Create an HTTP client the same way you always have
// but pass in the optional Security Manager that was created previously.
httpClient = Ti.Network.createHTTPClient({
onload: function(e) {
Ti.API.info("Received text: " + this.responseText);
},
onerror: function(e) {
Ti.API.error(e.error);
},
timeout : 5000,
// Set this property before calling the `open` method.
securityManager: securityManager
});
// Prepare the HTTPS connection in the same way you always have
// and the Security Manager will authenticate all servers for
// which it was configured before any communication happens.
httpClient.open("GET", "https://dashboard.appcelerator.com");
// Send the request in the same way you always have.
// Throws a Security Exception if authentication fails.
httpClient.send();
I found the reason why in my case the connection was refused. 我发现了我拒绝连接的原因。 The catch was that I hadn't concatenated the two cert files given by godaddy, which doesn't seem to be a problem on browser, but was breaking the chain of trust for the app.
问题在于,我没有将Godaddy提供的两个证书文件串联在一起,这在浏览器上似乎不是问题,但是却打破了该应用程序的信任链。 Correcting that part fixed the issue, using:
更正该部分可以解决此问题,方法是:
cat gd_bundle-g1-g2.crt >> my_server.crt
to create the full crt file. 创建完整的crt文件。
Note: The first cert file is downloadable on Godaddy's website, but is also attached when you download your crt file. 注意:第一个证书文件可从Godaddy的网站上下载,但在下载crt文件时也将附加到该文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.