Hi,

I develop an iPhone framework which sends HTTPS requests in order to communicate with a publicly available backend server. Currently I have a big problem regarding untrusted server certificates.

The certificate of the backend server is not signed by a trusted CA, so my first approach was to use NSURLRequest's private allowsAnyHTTPSCertificateForHost. While this worked as expected and was fine as a temporary workaround, our customer demands a clean solution as the final result. Therefore I wrote a method which allows installing a provided certificate from the file system in the keychain, but this method does not work as expected in the iPhone Simulator. The certificate is installed in the host machine's Mac OS X keychain instead. Unfortunately, if I call NSURLConnection's sendSynchronousRequest method, I retrieve an "untrusted server certificate" error. It seems as if NSURLConnection is not able to access the host's Mac OS X keychain to retrieve the certificate.

Is my guess correct or did I miss something?

Would my approach work if I ran my app on a real iPhone device instead (I do not have one available yet)?

Does there exist a keychain in the iPhone Simulator at all?

Is it at all possible to send HTTPS requests to a server with an untrusted certificate on the iPhone Simulator or do I have to use precompiler directives to implement different routines depending on the underlying platform (simulator or device, respectively)?

Any help is highly appreciated.

Thanks, Matthias

+1  A: 

You can :) See this thread.

Adam Woś
Thanks for the answer. But I prefer the approach of installing a certificate in the keychain programmatically. The question that remains is whether the requests would succeed on the iPhone device itself if the server certificate was installed in the keychain by the same app beforehand.
ma77h1a5
As a user, I would not trust an application to install a certificate. The whole point of certificates and signing is a chain of trust, and allowing an application to install its own signing certificate breaks that chain. I will go so far as to say that I truly hope that the iPhone SDK will not permit an app to do this. Determining that a signing certificate should be trusted is something that ONLY a user should do.
Chris Cleeland
A: 

You can get free trusted SSL certificates at http://startssl.com

Beat Bolli
A: 

Perhaps the ASIHTTPRequest library can help with that?

Canada Dev