I am trying to allow an HTML5 app deployed to an iPad via Phonegap to connect to web services provided by my development server. The development server has a self-signed certificate. I was able to export my cert in p12 format (with the private key), and using the iPhone Configuration Utility I was able to create a configuration profile and and install it to my iPad. When I look under General -> Profiles on the iPad I can see my configuration profile, and it says "Verified" with a green checkmark. However, it is signed with a signing certificate generated by the iPhone Configuration Utility that is NOT trusted. I believe this is causing web services to fail.
If I hit web services on a production server everything works fine, because the certificate that server has is verified by a major 3rd party issuer. The only problem is hitting my development server. I am able to hit the development server using the host name that the self-signed certificate was issued for by having my iPad hit a proxy server, which has an /etc/hosts entry that resolves to the correct host name. I can hit this site in Chrome on the iPad so I know that is working. However, Chrome also throws up a warning because the certificate is not trusted. It SHOULD be trusted. This works fine on a laptop computer, or in the iOS simulator (for that I had to import the cert into the simulator). It is only on an actual physical device that it won't work.
Surely this kind of dev setup is typical for iOS apps using web services. Can anyone suggest a course of action? Is there a way to get the signing certificate produced by the iPhone Configuration Utility to be trusted?
Related
I have a Mac mini configured as the remotebuild server. Remote building my cordova app to the Mac was working ok in secure mode for a while but I was suddenly greeted with a Error: self signed certificate in certificate chain.
I've followed several suggestions of running the commands,
remotebuild certificates reset
remotebuild certificates generate
then updating the pin accordingly in Visual Studio to no avail. I can build successfully when running in non-secure mode.
remotebuild --secure-mode false
I've also tried cleaning my solution in VS2015, nuking the certs folder on the Mac and re-installing remotebuild. It may be worth noting that something in the build process was constantly corrupting the remote_ios.json file so I was having to keep removing that file to build every other time as explained here.
Any ideas on how to get around this error or why it would suddenly be a point of failure?
This "self signed certificate in certificate chain" error can happen if remotebuild generates a certificate under one identity (hostname / ip address) and is accessed via another one. The client will look at the certificate and find that it doesn't match what it expected, and so it does not trust the server. My guess is that it began failing for you due to a change in your network architecture.
If you know the identity that other machines will attempt to use, for example if they will use some.buildserver.local, then you can instruct remotebuild to generate a certificate using that identity via remotebuild --hostname="some.buildserver.local" --secure=true saveconfig && remotebuild certificates reset && remotebuild certificates generate.
Once you have created new certificates that should match client expectations, if you reconfigure them then they should accept the server's certificate.
Also apart from those I did restart my client computer as well.
My app needs to connect to an internal web server through https.
The server has a self-signed certificate that is valid until next year:
I have installed this certificate in the iOS Simulator and on the device (Certificate.cer):
I am watching the traffic with Charles and the request does not even "leave" my computer.
The problem seems to be due to the SSL Certificate because when I can access the server through the internal url and the port 8080 everything works fine.
I did try the hack with the category allowsAnyHTTPSCertificateForHost:. This did not work in the simulator as well as on the device.
There seems to be official API to do this: How to use NSURLConnection to connect with SSL for an untrusted cert?
However, since this is only my development environment I would prefer not to change my code base for now. Plus I am using a framework to parse my data and I might have to deeply interfere with that framework to get to the API described above.
So my question is, should it not be possible to install the certificate and then use the server as if there was an official SSL certificate.
Email the self-signed certificate to yourself then open it on your iPhone. You will be taken through the steps to install the certificate on your phone.
After iOS 7.1 ,if we want to deploy our Enterprise app over air, the URL for the manifest.plist file has to be HTTPS.
For example:
itms-services://?action=download-manifest&url=https://example.com/manifest.plist
In my server I use a self-signed SSL certificate. When I tap the URL on an iPhone, it says Could not connect to <ip-address> and logs the typical
NSUnderlyingError=0x15d37040 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be `<ip-address>`, which could put your confidential information at risk.
So, I want to know whether I can use the self-signed SSL certificate or not?
If I can, how do I resolve the problem the problem I've encountered?
First have the user install the self-signed SSL certificate on their device. Or use a free verified SSL service.
You will need to have the user install this file https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
I believe this service provides browser-validated SSL certificates. https://www.startssl.com/?app=1
I'm trying to monitor the HTTPS requests/responses for my iPad app using Fiddler. I have a Windows 7 PC running Fiddler and have configured the HTTP proxy on my iPad to point to the PC using port 8888. This works fine and the CONNECT tunnel messages and 'ClientHello' handshakes can be seen in the capture log. However as soon as I enable the 'Decrypt HTTPS traffic' option in Fiddler, the app is blocked from connecting to the server. I've tried installing the Fiddler root certificate on the PC, and I also installed the certificate on my iPad by exporting the certificate to a URL and pointing Safari to the URL on my iPad which then installed it. This hasn't made a difference. Do I need to do something with the SSL certificate installed at the server running my web service?
Download the Fiddler Add-on for iOS/Android then visit http://[proxyip]:[port]/ using your phone browser. You can generate/download your working certificate from there.
And
Turn on your fiddler certificate at Your iPhone Setting -> General -> About -> Certificate Trush Settings
You may not have completely installed the Fiddler certificate.
Email the fiddler certificate to your iPad. Open the email and then open the certificate. iOS will prompt you to trust the certificate, and then install it.
If it is installed correctly, you will have a new iOS setting under Settings->General->Profile called DO_NOT_TRUST_Fiddler. That setting is your installed certificate.
Once the certificate is installed - Fiddler will be able to show you your HTTPS traffic.
I try to open https://github.com for testing. And I have done as Josh said(Install the certificate through email). But I came across "Safari cannot open the page because it cannot establish a secure connection to the server". When I close http proxy, https;//github.com shows up well.
Install "CertMaker Add-on" from this article and try again everything you described in your question - it will work okay.
I want to manage the iOS devices using Lion Server,I have purchased the Lion Server and installed in Mac system which has Lion OS 10.7.
I want to manage the devices with in our own network, I have not taken domain specific for MDM.
While creating cofig profile for MDM in IPCU,it needs the server url must begin with "https://".
So I am not able to install the MDM config profile in the iOS device, due to "htts".I tried to get ssl certificate for trial , but that is not available for private networks.
Is there any solution to resolve the issue with out purchasing ssl certificate or public domain.
Please correct me if I am doing something wrong and suggest the correct approach.
Self-signed ssl will work and while generating self-signed ssl certificate in server side,generate identity.p12 certificate and this certificate you need to use in identity section of IPCU.
And go through this also.
If you visit a page on the MDM web server with Safari and get the pop-up dialog warning about the identity of the server then you will need to install the SSL certificate on the device to allow the certificate to be trusted. This can be achieved by using iPCU or allowing the certificate from a web server.