"Server certificate untrusted" error in iPhone application

Question

I am using my iPhone application on my iPhone 3G OS 3.0.1 without any problems. The application connects to an API URL at https://api.serverdensity.com/1.0/ and all requests go through it.

A user of the app has reported that they are now suddenly getting an error "untrusted server certificate". No other users are experiencing this issue (that I'm aware of) and I cannot reproduce it.

The SSL certificate is a wildcard certificate on *.serverdensity.com. It is purchased from GoDaddy and is valid until May 2010.

Further, the user is running OS 3.0.1, the time/date are set correctly on the device and if he visits the API URL in Safari, it loads up correctly.

Any suggestions for the cause of this?

Answer 1

I had the same problem!

Did you install there "Intermediate Certificate Bundle"? If you don't then you will get the untrusted server certificate on all mobile platforms (and some PC ones as well).

Web Site Quote:

Before you install your issued SSL certificate you must download and install our intermediate certificate bundle on your Web server. You may also download the bundle from the repository.

Check out the GoDaddy SSL install instructions for your web server setup.

The Intermediate Certificate Bundle can be found here.

Answer 2

I have actually seen this with my own app which also uses a godaddy cert - and yes I have installed the intermediate certs on my server.

It's rare, but this can happen if the user goes onto a wifi hotspot which interjects its login page to the connection attempt. It's actually correct behaviour for SSL, and it's caused by the hotspot effectively doing a man-in-the-middle redirection for your URL.

They can fix it by first going into Safari and getting the connection working.

OS3.0 is supposed to do some automatic login to this kind of hotspot but in my experience it doesn't always work.

edit: to add, before I used SSL I used to detect this for plain http and put up an appropriate error message. It is probably advisable to catch this error in your app and put up a similar message 'you may be connected to a hotspot which requires you to login', etc. Now that you've reminded me, I need to do that in my own app.

Answer 3

I saw the same error message on a jailbroken test phone I had, but not on my other test phones. I never investigated it further, but thought I would mention in case that helps...

Answer 4

It looks like everything checks out with the installation of the certificate. All of the Intermediate certificates are being sent by the server: http://www.sslshopper.com/ssl-checker.html?hostname=api.serverdensity.com

Answer 5

We were previously using a "hardcoded" method of authentication using basic HTTP AUTH when connecting to our API:

NSString *requestURL = [NSString stringWithFormat:@"https://%@:%@@api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", username, password, account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0];

but switched to using a "proper" method in our latest update:

NSString *requestURL = [NSString stringWithFormat:@"https://api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:60.0];

using NSURLCredential to correctly handle the HTTP authentication. Following this update, the certificate error disappeared for the user concerned.

Answer 6

Please verify the Date and time setting of your iPhone or iPod, if you are facing the error saying "untrusted server certificate".

After correcting the Date and Time from iPhone/iPod "Setting". It will automatically takes care all applications(i.e. Yahoo messenger, Citrix, Push mail ....etc) encounters "Untrusted server certificate" issue. Just give try. Hope it will be a little help for you. Thanks.