iOS HTTPS SSL证书

Question

Scenario I am working on an application that needs to make use of https for network communication. Currently our user credentials (username, password...) are being sent in plain text over our URL. (ex. http://www.myserver.com/service?username=USERNAME&password=PASSWORD... ). This is not good for our client. I am new to using https and even newer to setting up an iOS app to use https . So I have a few questions:

assumption : I believe an iOS app must contain an SSL certificate to then be validated on the server side. Correct me if I'm wrong.

1) Where/How do I get a certificate?

2) How do I import the certificate into the application?

3) How do I validate the certificate with the one of server?

4) If the certificate is deemed invalid, how do I work around that?

And if there is anything I am missing or misunderstanding please correct me.

Answer 1

Your iOS app does not need to contain an SSL certificate. Instead, it is the server that needs an SSL certificate. On the iOS app side you only need to replace the http:// URL with an https:// URL. When your app makes the https connection to the server iOS's networking code will check the validity of the server's certificate, so you can be confident that you are communicating with the right server. Anything you send over the https connection will be protected from eavesdropping by encryption.

You can test whether the server has a certificate by entering its https:// URL into a web browser. If the browser displays a lock icon, the server has a valid certificate. You can click on the lock icon for more information about the server's certificate.