iOS: using a self-signed SSL certificate in an iPhone app
Note: this page is a Chinese/English side-by-side translation of a popular StackOverflow question, published under the CC BY-SA 4.0 licence. If you reuse it you must follow the same CC BY-SA terms, cite the original address and author information, and attribute it to the original author (not me): StackOverflow
Original: http://stackoverflow.com/questions/5971391/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverFlow
Use a self-signed SSL certificate in an iPhone app
Asked by Jose Ibanez
I apologize in advance for the long-winded question. I'm having trouble with a self-signed SSL cert and I want to document everything I've tried so far.
I'm working on an app that communicates with a REST service. The test server uses a self-signed ssl certificate that I can install on my computer without issue. It's a .p12 file that requires a password to install. Without this certificate installed, all requests to the server return a 403.
The .p12 installs three items in the Keychain, a "Root certificate authority", a "test user" certificate that's issued by the "Root certificate authority", and a private key that's associated with the "test user" cert.
I've installed this certificate on my iPad by emailing myself the .p12 file. I tapped on the attachment, input the password, and I can now access the site in Safari. Unfortunately, because of application sandboxing, this isn't enough to get my app to communicate with the REST service.
I'm using ASIHTTPRequest for all of the communication with the REST service from my app. Each request is a subclass of ASIHTTPRequest. The first thing I found I had to do was call [self setValidatesSecureCertificate:NO]; so that it would even attempt the SSL connection to the server. If that's all I do, I get 403 error codes back from the service.
Now I can't seem to figure out how to get the request to use the certificate. I've tried exporting the three items as separate .cer file, including them in the project and adding them to the request using the code below:
// Load one exported .cer (DER-encoded X.509) from the app bundle
NSData *data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"cert" ofType:@"cer"]];
// Parse it into a SecCertificateRef (returns NULL if the data is not a single DER certificate;
// the caller owns the reference and must CFRelease it when done)
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)data);
...
// Hand the certificate(s) to ASIHTTPRequest as client certificates
[self setClientCertificates:[NSArray arrayWithObjects:(id)cert, ..., nil]];
While the code executes without issue using this approach, I still get the 403 error.
I've even tried including the .p12 file in my application and importing it using the same code. This fails because SecCertificateCreateWithData returns nil.
I admit I don't really know what I'm doing here. This is all a little over my head and any help anyone could give me would be greatly appreciated.
Accepted answer by Jose Ibanez
OK, I figured it out. I was sort of barking up the wrong tree.
The most important information I found was in Apple's documentation for Certificate, Key, and Trust Services Programming Guide, in particular, the "Tasks for iOS" page. That detailed how to extract the security identity from the .p12 file and how to add a trust exception.
The last piece of the puzzle was in ASIHTTPRequest's documentation on Client Certificate Support. By using the identity I extracted directly from the p12 file, I was able to pass that on to the request and get everything authenticated properly.
I hope this helps anyone else that has to implement a similar feature.
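The accepted answer names the two pieces but does not show them: extracting the SecIdentityRef from the .p12 with SecPKCS12Import and handing it to ASIHTTPRequest as the client identity, and trusting the self-signed root explicitly instead of switching certificate validation off. The following is an added example written for this page; it is not code from the question, the answer, or the ASIHTTPRequest project. It assumes the .p12 is bundled as "client.p12", that the password and host name are supplied by the caller (the placeholders below are made up), and that ASIHTTPRequest is linked with ARC enabled. The server-trust evaluation uses Apple's SecTrust API directly rather than any ASIHTTPRequest hook, because the library only exposes the validatesSecureCertificate switch.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "ASIHTTPRequest.h"

// Import a PKCS#12 bundle and return the identity (certificate + private key) it contains.
// Also returns the certificate chain via *outChain so the self-signed root can be used as an anchor.
static SecIdentityRef CopyIdentityFromP12(NSString *path, NSString *password, NSArray **outChain) {
    NSData *p12Data = [NSData dataWithContentsOfFile:path];
    if (p12Data == nil) return NULL;

    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : password };
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                      (__bridge CFDictionaryRef)options, &items);
    if (status != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        // errSecAuthFailed means a wrong password; errSecDecode means the file is not PKCS#12
        if (items) CFRelease(items);
        return NULL;
    }

    // The first item describes the imported identity and its chain
    NSDictionary *item = (__bridge NSDictionary *)CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identity = (SecIdentityRef)CFBridgingRetain(item[(__bridge id)kSecImportItemIdentity]);
    if (outChain) *outChain = item[(__bridge id)kSecImportItemCertChain];
    CFRelease(items);
    return identity;  // caller owns this reference
}

// Evaluate a server's certificate chain against ONE explicit anchor: the self-signed root
// from the .p12. This replaces setValidatesSecureCertificate:NO, which would accept any certificate.
static BOOL ServerTrustIsValidForHost(SecTrustRef serverTrust, SecCertificateRef rootCA, NSString *host) {
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)host);
    SecTrustSetPolicies(serverTrust, policy);
    CFRelease(policy);

    NSArray *anchors = @[ (__bridge id)rootCA ];
    SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)anchors);
    SecTrustSetAnchorCertificatesOnly(serverTrust, true);  // ignore the system trust store

    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(serverTrust, &result);
    // kSecTrustResultUnspecified = chain verified against our anchor; Proceed = user-approved
    return status == errSecSuccess &&
           (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
}

// Build the request: present the client identity, and keep library-side validation enabled.
static ASIHTTPRequest *MakeAuthenticatedRequest(NSURL *url, SecIdentityRef identity, NSArray *chain) {
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
    [request setClientCertificateIdentity:identity];
    // Intermediates (everything but the leaf, which the identity already carries)
    if ([chain count] > 1) {
        [request setClientCertificates:[chain subarrayWithRange:NSMakeRange(1, [chain count] - 1)]];
    }
    [request setValidatesSecureCertificate:YES];
    return request;
}

int main(int argc, char *argv[]) {
    @autoreleasepool {
        NSString *p12Path = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"];
        NSArray *chain = nil;
        // "hunter2-PLACEHOLDER" and test.example.invalid are made-up values for this example
        SecIdentityRef identity = CopyIdentityFromP12(p12Path, @"hunter2-PLACEHOLDER", &chain);
        if (identity == NULL) {
            NSLog(@"could not import client identity");
            return 1;
        }
        NSURL *url = [NSURL URLWithString:@"https://test.example.invalid/api/resource"];
        ASIHTTPRequest *request = MakeAuthenticatedRequest(url, identity, chain);
        [request startSynchronous];
        NSLog(@"status %d, error %@", [request responseStatusCode], [request error]);
        CFRelease(identity);
    }
    return 0;
}
```

ServerTrustIsValidForHost is shown for the case where the same .p12 root is used with NSURLConnection or NSURLSession, whose authentication-challenge callbacks hand you a SecTrustRef; with a plain ASIHTTPRequest the library's own validation is the only server-side check available, so the root CA must already be trusted on the device (the profile installed by mail in the question does this) for setValidatesSecureCertificate:YES to succeed.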