I want to debug some HTTPS traffic from an IPhone app using Fiddler.
After installing the Fiddler-generated certificate on the IPhone, I am able to see most of the HTTPS-Traffic but unfortunately the HTTPS-Requests I want to debug use a client certificate which I have to copy to my PC in order to see the traffic.
Is there a general way to download that specific certificate?
Related
I've got all the settings right and I'm intercepting the SSL traffic.
The only problem is SSL handshake failing.
I've installed the Charles Proxy SSL certificate on my iPhone and marked it as trusted.
It's a 3rd party app (non apple, non google) that I'm trying to see it's traffic. Please guide.
Network Traffic
SSL Proxying Settings
If it's a 3rd party app and you don't have the source code, it can't be done. The app needs to explicitly allow the Charles SSL cert, or set "Application Transport Security > Allow Arbitrary Loads" to YES in its Info.plist. The Charles iOS app may be able to do it.
Charles the debugging proxy is able to create self-sign certificate for iOS, and I want to do the same with my testing app. So I use SSL to set up the connection between an iOS app and a server. The server's certificate is self-signed and will not be accepted by the iOS. I downloaded the certificate file to the iOS device I was using and manually installed it into the system, and it reads red text Not Verified. My app still fails to connect to the server (while the Android app could establish a connection just fine). Is there a way to create a self-signed trusted certificate for an iOS device like Charles the debugging proxy is able to do?
I have gone through dozens of articles, stackoverflow questions and sites, my only requirement is to send .ipa file through url where client could check it in safari and install.
does not want third party installation, I've got my own server
my server is not having ssl that means it can be sent only http not https. please dont ask me to have ssl.
could able to install in any ios device, udid is not added to enterprise certificate.
My problem is when I am keeping these 3 file that are a) index.html. b)manifest.plist. and c).ipa file in server and trying to install in device, I am getting an pop up message saying that "certificate is not valid." Please help.
Hope the link below helps you out.
http://readwrite.com/2010/12/16/apple-best-kept-secret-how-to-do-ad-hoc-installs
But i dont think Apple allows you to distribute using http. Https is a mandatory for the URL that the user uses to download. So until you get a https i dont see that issue being solved
Your own server should be fine. As long as your .plist and .ipa are both accessible on the network to which the iPhone is connected.
Unfortunately, starting with iOS 7.1, app installs must be accessible over SSL (https).
The only way to do this is with an enterprise distribution profile. You will need to have an enterprise account to do this, which will require a company's EIN. So you can't do this as an individual developer. (https://developer.apple.com/programs/enterprise/)
You are seeing the error because of the lack of a valid SSL certificate on your server. iOS is swapping your http:// link in your plist with https:// (see this post: https://stackoverflow.com/a/20276908/3708242), which as you said does not have ssl enabled.
Bottom line, you'll need to get a server with SSL to host the files. Also, if you don't want / can't manage the UDIDs for the devices, you will need to get yourself an enterprise account so you can create an enterprise distribution profile to use to build your app.
There are online tools that simplify this process of sharing, for example https://abbashare.com or https://diawi.com
Create an ipa file from xcode with adhoc or inhouse profile, and upload this file on these site.
I prefer abbashare because save file on your dropbox and you can delete it whenever you want
I've set up Universal Links in our app, and I'm unable to retrieve the apple-app-site-association file from my server on app install. The device console is giving the following error where it attempts to retrieve the file during the install:
Rejecting URL 'https://example.com/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr
I'm able to retrieve the file successfully in Safari using the same device. It's hosted via https with a standard verisign issued EV cert. I don't get any SSL errors when retrieving the file outside of app install, so I'm confident the cert is configured correctly on the server side.
What could be causing this error?
As it turns out this issue was caused by having Worx by Citrix installed on the phone. This app installed a profile by XenMobile on the phone that was interfering with the ssl handshake between our server and apple. This was only the case when installing test apps on the phone. Our production app downloaded from the App Store works just fine. Also, if I remove the Citrix apps and the associated XenMobile profile, it works. Very annoying.
For me the issue was a missing capability entry: activitycontinuation:com.example.app. For some reason, when the apple-app-site-association file is hosted on an IIS server that capability needs to be added in addition to applinks:com.example.app.
I am working on mobile HTML5 site using HTML5/JQueryMobile and server is in php. I changed sever settings from HTTP to HTTPS but now from my mobile it shows these type of error
[Error] Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.example.com” which could put your confidential information at risk.
when using in IPhone 5 with IOs 7.1.2.
How to handle that issue. What things i have to do?
For us this happened with the update to iOS 13. The requirements for trusted certificates changed, so we needed to adjust the certificate.
See the official page of Apple
You are using a self-signed certificate. Thus your iPhone doesn't trust your certificate.
Either add the certificate to your iPhone as a trusted certificate. (recommended)
Or create a official certificate from a trusted authority. (recommended for production usage)
Or make requests and allowing insecure (self-signed) certificates. (not really recommended, but might be the fastest solution)