AFNetworking https self signed certificate

Question

I have self signed certificate validation on server. When I try use api https://wikiroutes.info/test/api/ios/getCities in browser on mac, its work only when I accept .p12 certificate. I don't find where I can input password for .p12 in AFNetworking. Also I have file .der, but when I use it, I have error kSecTrustResultRecoverableTrustFailure on the code SecTrustEvaluate(allowedTrust, &result)

my code

NSString* fileRoot = [[NSBundle mainBundle] pathForResource:@"cert.pem" ofType:@"der"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:fileRoot];

AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
securityPolicy.SSLPinningMode = AFSSLPinningModeCertificate;
[securityPolicy setAllowInvalidCertificates:YES];
securityPolicy.pinnedCertificates = @[certData];

AFHTTPRequestOperationManager *operationManager = [[AFHTTPRequestOperationManager alloc] initWithBaseURL:[NSURL URLWithString:@"https://wikiroutes.info"]];
operationManager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"text/plain"];
operationManager.securityPolicy = securityPolicy;

[operationManager GET:@"test/api/ios/getCities" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSLog(@"response %@",responseObject);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    NSLog(@"error %@",error);
}];

Its my test project. https://www.dropbox.com/s/410w5bau3e3slx9/testApp.zip

its certificate files

https://www.dropbox.com/s/hk9hywri37wxpet/cert.pem.der https://www.dropbox.com/s/2cpfhokh59jo15d/cert.p12 (password - nM123456)

Answer 1

据我所知，AFNetworking会自动搜索扩展名为“ .cer”的DER格式的证书，因此您需要像这样转换PEM证书：

openssl x509 -in cert.pem -outform der -out cert.cer