I have been developing iOS for years but this is my first time building a backend for an app, so SSL subject matter isn't a strong point for me.
I have installed a SSL certificate on my IIS 8.0 (Server 2012). I have confirmed that the https endpoint is functioning properly.
My question: Is there anything I have to do in my iOS application (using RestKit 0.2 for server communication) other than change the endpoint from http to https? I'm not sure when I consider the traffic going to the server to be "secure". Bit of a noob question I know but, I don't want to miss something simple on the iOS side and think everything is secure when it is not.
Thanks for any help.
Related
I have used GCDWebServer for an http server on iOS. However, by the end of the year https will be required. Is there another web server library compatible with https for IOS? I have no idea what is involved with a change like this.
This library supports https -
https://github.com/robbiehanson/CocoaHTTPServer
Although its old but very reliable. Our company have been using it for over 4 years and currently we are in process of switching to 'https'.
We have an issue with SSL since a few days ago.
Our APIs reside at amazon, and the app is calling the API via HTTPS.
For months it has been good, but since a few days we started getting:
An SSL error has occurred and a secure connection to the server cannot
be made.
Amazon says its nothing on their side. But we can't pinpoint on the issue, as this is happens sporadically and random countries, ios versions and models...
How can we understand where the problem is?
Thank you
After testing and research it seems the NotificationURL parameter requires a fully valid SSL certificate or the subscribe call fails.
I am wondering if there is a way I have not found or a clever workaround to use the Office 365 Notifications with a self-signed SSL certificate installed on the NotificationURL during development?
Thanks!
Steve
I won't mark this as answered yet in case there is a better way, but here is my work around for the issue.
I created a small webapi project that takes a base64 encoded url as a parameter, ie: https://site.azurewebsites.com/Notify/aHR0cDovL3NvbWVob3N0OjEyMzQ1L05vdGlmeQ==
It proxies the request to that encoded URL and plays back the response.
I hosted this "proxy" as a free azure website making use of the SSL provided and can now subscribe to notifications via my proxy.
It works well enough and means I can work from anywhere.
I'll see if better ideas come along, but if not will accept this as the answer as it seems to work for my development purposes.
Steve
I've used Ngrok. The free version is sufficient to debug WebHooks
I have set up an API endpoint on my Digital Ocean VPS to receive incoming SMS to my Twilio number. It was working.
Then I started using CloudFlare. I believe that it stopped working after that, but since I receive SMS so infrequently, I am not absolutely sure. Although Twilio's website indicates that they sent an HTTP request and received a 502 Bad Gateway error, my server logs never registered any incoming requests from Twilio. I know that my API endpoint works because when I manually enter the API endpoint in my Chrome browser, my server receives it and logs the GET request as expected.
I tried asking Twilio's support for the full details of the supposedly failed request, but they refuse to give it to me.
Does anyone know which setting in CloudFlare to adjust that may fix this? I've tried turning off and reducing all the security settings as I thought it may be a firewall issue. How else can I go about debugging this problem without turning off CloudFlare completely (I need it on for other purposes)? I will accept the first answer or advice that leads to the solution. Thanks!
EDIT: this is the response from CloudFlare
One thing to ask them, is whether they support the SSL configuration
of Universal SSL - which uses SNI and ECDSA. We have seen instances of
3rd party services not supporting one or both of these, and therefore
failing to make calls via HTTPS.
Universal SSL support is defined by the client machine's support for
two newer features:
Server Name Indication (SNI) Elliptic Curve certificates (ECDSA) What
browsers work with Universal SSL?
If you need broader browser compatibility for older browsers/operating
systems, our Pro plan plan provides this.
Also, if you want to get full information about what your browser
supports, this site will run a check on your browser and tell you the
support your browser has for protocols, ciphers and SNI:
https://cc.dcsec.uni-hannover.de/
Twilio developer evangelist here.
Good news, Twilio now supports SNI! So, this should no longer be a problem.
You might want to check Server Name Indication (SNI) Twilio does not support this, so as a result you get 502 Bad Gateway. Same thing was happening to me. I was able to fix this using Cloud flare Pro see this post
Twilio - TwiML with SNI Support
I want to record web requests using fiddler of an iOS7 native app which using https protocol (with trusted certificates) to communicate with server. I could able to record the requests and after Https decryption option disabled and its worked fine. When Https decryption option enabled app shows invalid/untrusted certifificate alert and cannot proceed even after installing fiddler certificate in iOS.
Question is,
Is there any way to record Https request/response of iOS7 app using fiddler by imitating any other certificate as trusted certificate or anyother way to do that? any suggestions? any other tools? I got another solution from here but it was not worked.
Thanks in advance
You need to use the Fiddler Certificate Maker add-on to generate certificates that iOS is willing to trust.
See http://blogs.telerik.com/fiddler/posts/12-12-21/using-fiddler-with-apple-ios-devices for more information.
Also keep in mind that some iOS applications (like the AppStore) use a technique called "Certificate Pinning" which means that you cannot decrypt their traffic seamlessly unless you jailbreak the device.