How can I fix this on iOS using Swift? When I'm making a server request I get the following error:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “...” which could put your confidential information at risk.
You just need to install the certificates on the iOS simulators
From Charles Documentation:
Quit your iOS Simulator. Launch Charles and go to the Help menu.
Choose the "SSL Proxying > Install Charles Root Certificate in iOS
Simulators" item. This will install your Charles Root Certificate into
all of your iOS Simulators. Now when you start the iOS Simulator, you
should be able to access SSL websites with Charles using SSL Proxyin
You are most probably trying to connect to server with self-signed ssl certificate. iOS does not like it.
Take a look at this post as an example: Swift SSL error with self signed certificate.
Other possible issue is a proxy configuration with something like Charles behind it.
More details will maybe help to identify the root of the issue...
After enabling certificate transparency in Ionic application config file, AJAX calls started failing for iOS 10.3 with SSL error. However, it is working without any issues in iOS 11 and greater. Connection with server works fine with native iOS application, Angular Web Application. It fails only in Cordova compiled application.
Configuration which results in failed AJAX communication
<access minimum-tls-version="TLSv1.2" origin="https://example.com" requires-certificate-transparency="true" requires-forward-secrecy="false" />
Communication works with following setting in XCode
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
In network logs, it seems application is sending UNKNOWN during SSL handshake.
EDIT - had to revisit the question and read it properly
At first I thought the configuration could be at fault but then the:
UNKNOWN during SSL handshake
caught my eye.
As of iOS 10.3, the default for new custom certificates is to not
trust them. Yes, this option existed prior to 10.3 but it was not enforced so it was turn on by default. You can find this information on a charles proxy blog - which is connected to the application, but I think it is valid in your case too.
To enable the certificate:
You have to go to Settings > General > About > Certificate Trust Settings and enable the certificate that is needed.
You can find it mentioned here Technical Q&A QA1948
HTTPS and Test Servers.
In addition:
You can use nscurl tool to diagnose your ATS connection issues.
Usage /usr/bin/nscurl --ats-diagnostics [--verbose] URL then you will what fails in greater detail.
When I use Xcode 9.0 download Simulator (Xcode - Preferences - Components - Simulator), It will show "Could not download and install iOS 8.1 Simulator. The certificate for this server is invalid. You might be connecting to a server that is pretending to be “devimages.apple.com.edgekey.net” which could put your confidential information at risk."
More detail problem
I found that I can download the simulator for iOS10.0 and above, but I can not download the simulator below iOS 10.0.
As you can see:
When I click to download the simulator above iOS 10.0, it's work.
But when I download an emulator below the iOS 10.0 version, it will display a warning.
I have tried this solution:
Copy the download address of the .dmg suffix(https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/com.apple.pkg.iPhoneSimulatorSDK9_2-9.2.1.1451951473.dmg from #Mesut GÜNEŞ answer) and open it in the Safari browser.
The browser will displays a warning show that the server certificate is invalid and automatically disables the continued access to the URL.
Click "visit the site" and now i can download the simulator installation package on the browser.
After the installation package is downloaded, drag the installation package to the cache. directory(/Users/Andy/Library/Caches/com.apple.dt.Xcode/Downloads)
Open Xcode-Preferences to download and install the Simulator.
So it just put the installation package into the cache directory in advance, in order to download faster. But the problem is that this warning window prevents me from starting the download. Even if I downloaded the installation package, but I still can't install it.
I actually found another way, if you're fine with updating your certificate trust settings. Browse to https://devimages.apple.com.edgekey.net/downloads/xcode/simulators in Safari. You'll see this:
If you click on "visit this website", then it will prompt you for admin credentials to update your certificate trust settings. After doing that, the download links work in Xcode like normal.
Seems like network issue, you can check the log and download the related .dmg file via browser. See the log:
sudo /Applications/Xcode.app/Contents/MacOS/Xcode
Password:
2017-09-27 09:35:05.531 Xcode[24753:3375917] plugin com.apple.dt.XCDocumenter.XCDocumenterExtension interrupted
2017-09-27 09:35:05.567 Xcode[24753:3376388] Hub connection error Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.dt.XCDocumenter.XCDocumenterExtension" UserInfo={NSDebugDescription=connection to service named com.apple.dt.XCDocu
), NSUnderlyingError=0x7fb6702b4c00 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “devimages.apple.com.edgekey.net” which could put your confidential information at risk." UserInfo={NSErrorFailingURLStringKey=https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/com.apple.pkg.iPhoneSimulatorSDK9_2-9.2.1.1451951473.dmg, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, kCFStreamPropertySSLPeerCertificates=(
"<SecCertificate 0x7fb674e40f80 [0x7fff78314440]>",
"<SecCertificate 0x7fb674ef4770 [0x7fff78314440]>"
), _kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fb674da1550 [0x7fff78314440]>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “devimages.apple.com.edgekey.net” which could put your confidential information at risk., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/com.apple.pkg.iPhoneSimulatorSDK9_2-9.2.1.1451951473.dmg, _kCFStreamErrorCodeKey=-9813}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “devimages.apple.com.edgekey.net” which could put your confidential information at risk., NSErrorFailingURLKey=https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/com.apple.pkg.iPhoneSimulatorSDK9_2-9.2.1.1451951473.dmg, NSErrorFailingURLStringKey=https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/com.apple.pkg.iPhoneSimulatorSDK9_2-9.2.1.1451951473.dmg, NSErrorClientCertificateStateKey=0}
2017-09-27 10:05:14.344 Xcode[24909:3382580] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2017-09-27 10:05:14.513 Xcode[24909:3382580] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
dowloandable link in the log: https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/com.apple.pkg.iPhoneSimulatorSDK9_2-9.2.1.1451951473.dmg
move the downloaded .dmg file to com.apple.dt.Xcode/Downloads directory. To do this open ~/Library/Caches in finder and show com.apple.dt.Xcode and go to Downloads.
Note: com.apple.dt.Xcode isn’t a true “directory”. It's a package. But we can still access it’s contents by right clicking on the file and clicking “Show Package Contents”
Open Xcode->Preferences->Component and click related simulator to continue installation with downloaded file
Optional: Restart Xcode if it still gives error of private connection & do step 3.
I had same issue few months back, and the problem was with my Network (in my case, access to various sites were blocked in office).
I switched to another network and download necessary simulators. (My colleagues also had the same issue and above solution works)
Try to change your network and make sure that you are not connected with any proxy server.
Hope this will help you out.
I have a Comodo Domain Control Validated certificate from namecheap.com
According to namecheap customer support & ssl labs (http://bit.ly/1JYODhn) I have installed this certificate properly.
My problem is: The certificate throws a warning on Iphone 5 (ios - 7 & 8 and safari 7) . It should be noted the warning is not thrown on Desktops, or Iphone 6.
I have already verified my SSL Certificate Chain and there are no problems there. namecheap.com recommends I add my root certificate to the chain, I am not so sure of this since ssl labs says this is a problem.
Anyone know what setting IOS is so sensitive to in SSL installations?
Error from Apache Logs:
[Tue Apr 21 15:32:54 2015] [debug] ssl_engine_kernel.c(1924): OpenSSL: Exit: error in SSLv3 read client hello C
I am trying to build a app using PJSIP library.
I am able to establish the connection successfully with UDP and TCP
when Connecting with TLS i receive unsupported Transport error (17160)
please help..
You should enable TLS transport by using OpenSSL, see:
http://trac.pjsip.org/repos/wiki/Getting-Started/iPhone#OpenSSLSuport
If you have problems building openssl, search 'openssl-xcode' in github.
configure:
./configure-iphone --with-ssl=your-openssl-lib-dir
You will see logs if SSL enabled.