HTTPS with self-signed certificate in the app's keychain

views:

514

answers:

+1 Q:

HTTPS with self-signed certificate in the app's keychain

I have to connect my iPhone app to a server with a self-signed certificate via HTTPS. I cannot change the certificate or the server.

Since I don't want to accept all self-signed certs, just this one, my idea was to import the cert to the apps keychain (reading the cert from file and adding it to the keychain with SecItemAdd).

If I run the App in the Simulator, install the cert and then search the keychain for it (using SecItemCopyMatching), the cert is found, but the connection still fails with "untrusted server certificate" error.

Is this a problem with the simulator or my app? Do I have to do anything else, for this to work? Or can I assume, that if I add a certificate to the keychain on a real device, the connect to the server will be successfull(I'm using NSURLConnection.sendSynchronousRequest)?

Thanks for any help!

+1 A:

You can use ASIHTTPRequest library. It allows to ignore certificate validation by setting validatesSecureCertificate property of ASIHTTPRequest object to NO.

Morion 2010-01-13 13:22:45

Wouldn't this change my app to accept any self-signed certificate? I would like to enable connections only with this specific cert. Is this possible with a keychain entry at all (like in Java)?

jelenaasche 2010-01-13 14:16:36

this property is just set to the request, not for the whole app.

Morion 2010-01-13 14:43:52

Sorry for confusion, I actually meant requests, not the whole app. I would like to establish the connection only if the server has that specific cert, not any other self-signed. Is it possible with the keychain entry?

jelenaasche 2010-01-13 14:52:53

ansaurus

tags:

views:

answers:

HTTPS with self-signed certificate in the app's keychain

related questions