I am building an App which retrieves some data from a server. The server can be installed elsewhere (I have also built the server) and after setting the correct host in the App you are good to go.
Now my problem. I am trying to make things as secure as possible, and one of those aspects is using SSL. I am using self-signed certificates on the server side, but I can't get it accepted by my iOS app. At first I got the warning that the certificate is not trustworthy even from the PC that is running the server, but after I found this answer [1], I got the "https" being accepted from my browser (and fiddler), it also turns green when calling the server url, so everything is now working fine, but just from the PC where the server is running.
When I try to call the url from an external device, I again get the message that the certificate is not trustworthy (which I understand because I signed the certificate myself, but here I am looking for some way to bypass that), and from inside my app I cannot establish a connection.
So, can I set my self-signed certificate as "trustworthy" for external devices? (Expecting every customer to buy their own certificate is not an option.)
Or, is there an Apple-approved way to accept this certificate from inside my iOS App? I know I can get it accepted by changing something in the private API of NSURLRequest (if somebody is interested I can explain that), but I have been reading that in this case it is likely that my app is going to be rejected. So here I am looking for some "legal" way of accepting my self-signed certificate.
[1] How to create a self-signed certificate for a domain name for development?
This will disable the SSL cert check so you can use your self-signed cert for testing.
I solved this problem recently working on my iOS Web Bluetooth app WebBLE.
Before that though it's worth saying in answer to the OP:
can I set my self-signed certificate as "trustworthy" for external devices?
No, because if the server could somehow tell a client to trust its self-signed certificates that would defeat the entire point of signing certificates! So your client needs to support them and you will need to work out how to configure them for each client.
The steps that I took (lifted from my FAQ for WebBLE) to install and use a self-signed certificate in any WebKit-using app on iOS (such as WebBLE and Safari) are as follows:
/CN “Common Name”
for your local server, eg mycomputer.local
. General -> Profile -> <Common Name>
. The Profile menu probably won't be there at all until you've installed the first certificate. The certificate should be marked Verified (it was verified by you when you installed it). Hat-tip to blog.httpwatch.com for getting me most of the way there. They just didn't have step 6 for some reason.
Edit
Re-reading the question, I realize the OP also wants a way to distribute their app such that it can use the self-signed certificate for all clients. This is not a good idea for various reasons, not least that:
In production you should get a certificate signed by a reputable third party agent so that iOS will accept it by default. Then you can renew it periodically and also revoke it if it gets stolen. It's free to get basic certificates for a domain using a service like letsencrypt.org, so that's what you should do.
For development it's still useful to use self-signed certificates, and my answer helps with that.
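An alternative to switching certificate checks off, added here as an example that is not from the question or from any of the answers: a URLSession delegate that uses only public Security framework calls to trust exactly one self-signed certificate while keeping hostname validation. The class name `SingleAnchorTrustDelegate` and the `derCertificate` parameter are hypothetical, and it is assumed the certificate's DER bytes reach the app out of band.

```swift
import Foundation
import Security

// Added example: trusts exactly one provisioned certificate instead of
// turning validation off. Class and parameter names are hypothetical.
final class SingleAnchorTrustDelegate: NSObject, URLSessionDelegate {
    private let anchor: SecCertificate

    // derCertificate: DER bytes of the server's self-signed certificate,
    // delivered to the app out of band (assumption).
    init?(derCertificate: Data) {
        guard let cert = SecCertificateCreateWithData(nil, derCertificate as CFData) else {
            return nil
        }
        anchor = cert
        super.init()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Keep hostname checking: evaluate with the SSL server policy for this host.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        // Accept only chains ending in our anchor; system roots are ignored.
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              SecTrustSetAnchorCertificates(trust, [anchor] as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Any mismatch (wrong cert, wrong host, expired) fails closed.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

Pass an instance as the `delegate` argument of `URLSession(configuration:delegate:delegateQueue:)` so that every HTTPS request made through that session is evaluated against the provisioned certificate.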