I have to connect my iPhone app to a server with a self-signed certificate via HTTPS. I cannot change the certificate or the server.

Since I don't want to accept all self-signed certs, just this one, my idea was to import the cert to the app's keychain (reading the cert from file and adding it to the keychain with SecItemAdd).

If I run the App in the Simulator, install the cert and then search the keychain for it (using SecItemCopyMatching), the cert is found, but the connection still fails with "untrusted server certificate" error.

Is this a problem with the simulator or my app? Do I have to do anything else for this to work? Or can I assume that if I add a certificate to the keychain on a real device, the connection to the server will be successful (I'm using NSURLConnection.sendSynchronousRequest)?

Thanks for any help!

+1  A: 

You can use the ASIHTTPRequest library. It allows you to ignore certificate validation by setting the validatesSecureCertificate property of the ASIHTTPRequest object to NO.

Morion
Wouldn't this change my app to accept any self-signed certificate? I would like to enable connections only with this specific cert. Is this possible with a keychain entry at all (like in Java)?
jelenaasche
This property is just set on the request, not for the whole app.
Morion
Sorry for the confusion, I actually meant requests, not the whole app. I would like to establish the connection only if the server has that specific cert, not any other self-signed one. Is it possible with the keychain entry?
jelenaasche
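
For the goal stated in the question and comments (accept this one self-signed certificate and no other), here is an added example, not code from any poster in the thread, that sets a bundled copy of the certificate as the only trust anchor and then evaluates the server trust. It uses the asynchronous NSURLConnection delegate callback, because sendSynchronousRequest takes no delegate. Assumptions: ARC, a DER-encoded copy of the server certificate shipped in the app bundle under the hypothetical name `server.der`, and the hypothetical class name `PinnedCertDelegate`.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example: trusts only the certificate bundled with the app.
// "server.der" and PinnedCertDelegate are assumed names, not from the thread.
@interface PinnedCertDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedCertDelegate

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Only server-trust challenges are handled here; everything else keeps default behaviour.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    // Load the pinned certificate; fail closed if it is missing or unparsable.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef pinned =
        der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (pinned == NULL) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Make the bundled certificate the ONLY anchor, so system roots and any
    // other self-signed certificate are rejected. The SSL policy already
    // attached to the trust object still checks host name and validity dates.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[(__bridge id)pinned];
    BOOL trusted = NO;
    if (SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors) == errSecSuccess &&
        SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess) {
        CFErrorRef error = NULL;
        trusted = SecTrustEvaluateWithError(trust, &error);
        if (error) CFRelease(error);
    }
    CFRelease(pinned);

    if (trusted) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}
@end
```

Unlike setting validatesSecureCertificate to NO, this path cancels the connection whenever the presented certificate does not chain to the bundled one.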