I have an iOS app on TestFlight that is using a LAMP server running on an EC2 Instance on AWS. It has an elastic IP, and therefore has a Public DNS: ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
So currently from the app itself I run commands directly through the elastic IP like so:
let url = URL(string: "http://xx.xx.xx.xx/API/SignIn.php?username=\(username)");
Now this works great, however I want to start moving everything to HTTPS.
So I was hoping to go about it like so, using the public DNS:
let url = URL(string: "https://ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com/API/SignIn.php?username=\(username)");
But this method keeps shouting at me:
"An SSL error has occurred and a secure connection to the server cannot be made"
So far what I've done is the OpenSSL process: I created a certificate and key, and I put them in the Apache config file:
<VirtualHost _default_:443>
    ServerName ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
    ServerAlias www.ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
    DocumentRoot /var/www/htdocs
    SSLEngine on
    SSLCertificateFile /home/ubuntu/cert.pem
    SSLCertificateKeyFile /home/ubuntu/key.pem
</VirtualHost>
And of course I have the security groups set to HTTPS port 443.
The HTTPS is in fact accessible from say Safari, but obviously it is still not a trusted website.
I tried going through the Certbot free path - but they cannot allow an SSL certificate for AWS-created domains (understandable, they aren't too reliable and change often).
I also tried going through AWS itself: I created a certificate in the Certificate Manager (it was approved and issued to me), but when I tried to use it in the Load Balancer, the certificate just doesn't show up there (maybe I'm doing it wrong; I tried many ways but it just doesn't seem to work).
I would really love to go about this without having to purchase a domain, but right now I don't see any other way. Does anyone know of another way?
Also I'd rather AVOID the part where I tell iOS to ignore the security, because I don't want Apple to reject my app:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>
Use URLSessionDelegate to trust the certificate if you are using URLSession to perform the request, and implement the following func
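func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    print("delegate call")
    // Accepts whatever certificate this one host presents, without evaluating the trust chain.
    // serverTrust is unwrapped safely: it is nil for challenges that are not server-trust challenges.
    if challenge.protectionSpace.host == "ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com",
       let serverTrust = challenge.protectionSpace.serverTrust {
        completionHandler(.useCredential, URLCredential(trust: serverTrust))
    } else {
        // Every other host, and any challenge without a server trust object, gets default handling.
        completionHandler(.performDefaultHandling, nil)
    }
}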
to trust the certificate, since the SSL error occurred because the signature of the certificate has a mismatch. If you are using Alamofire to perform the request, then use version 4.7, because in version 5 it is not yet possible to trust an invalid certificate.
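A stricter variant of the delegate above, as an added example that is not part of the original answer: instead of accepting any certificate the host presents, it accepts only the self-signed certificate shipped inside the app. The class name `PinnedSessionDelegate` and the bundled file `server-cert.der` (the DER form of the server's `cert.pem`) are assumptions made for this example.

```swift
import Foundation
import Security

// Hypothetical delegate: trusts only the self-signed certificate shipped in the app bundle.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    // Host from the question; the placeholder is kept as written there.
    private let pinnedHost = "ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com"

    // Assumption: "server-cert.der" is the DER form of the server's cert.pem, added to the app target.
    private lazy var pinnedCertificate: SecCertificate? = {
        guard let url = Bundle.main.url(forResource: "server-cert", withExtension: "der"),
              let data = try? Data(contentsOf: url) else { return nil }
        return SecCertificateCreateWithData(nil, data as CFData)
    }()

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        // Only server-trust challenges for the pinned host are handled here.
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              space.host == pinnedHost else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        guard let trust = space.serverTrust, let pinned = pinnedCertificate else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Make the bundled certificate the only acceptable anchor, then evaluate.
        // The trust object keeps its SSL policy, so hostname and validity dates are still checked.
        let anchored = SecTrustSetAnchorCertificates(trust, [pinned] as CFArray) == errSecSuccess
            && SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess
        var error: CFError?
        if anchored && SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Any other certificate (for example from an interception proxy) ends the connection.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Usage: URLSession(configuration: .default, delegate: PinnedSessionDelegate(), delegateQueue: nil)
```

When the server certificate is regenerated, the bundled copy has to be replaced in an app update, otherwise every request to the pinned host is cancelled.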