Pinned Certificated - How to pin the certs within the app
ofirattia opened this issue · comments
Hi,
I followed the instructions the described in the README and I am trying to understand if I miss something here.
I added the certificates (der format with .cer extension) to the www folder and setServerTrust as pinned, when I execute the HTTP request I see the following log in XCODE:
{Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600003fe4e10>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7f923182dc00) s: mywebsite.com i: WebSiteName PKI Issuing CA>",
"<cert(0x7f923183e600) s: WebSiteName PKI Issuing CA i:WebSiteName PKI Root CA>",
"<cert(0x7f9231838600) s: WebSiteName PKI Root CA i: WebSiteName PKI Root CA>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask .<1>"
), _kCFStreamErrorCodeKey=-9813, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600003fe4e10>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “web site url” which could put your confidential information at risk.}
- I changed the urls to dummy names just for the example.
- I enabled the arbitrary loads
Anyone faced such kind of issue? - I trier both types of certs, signed and non signed
Hi @ofirattia, can you please check your domain on https://www.ssllabs.com/ssltest/ and post a screenshot of the results (just blank the domain name)?
@ofirattia did you get any solution to this problem. I am also facing the same issue
Closing this, feel free to open a new issue, if this won't solve your problem! 👍