带有自签名证书的 HTTPS iOS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22663768/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Https iOS with self signed certificate
提问by Mcr67
I have a server with a self signed certificate . I want to connect my device with the server with https form . I hear that I must just accept the connexion . But I don t know how . I have a self signed certificate because it is a test server. But I want to access it with https form? When I try to access with https I have an error :
我有一个带有自签名证书的服务器。我想用 https 形式将我的设备与服务器连接。我听说我必须接受连接。但我不知道如何。我有一个自签名证书,因为它是一个测试服务器。但我想用 https 形式访问它?当我尝试使用 https 访问时,出现错误:
SURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
Then it is a self signed certificate .
然后它是一个自签名证书。
Someone can help me ?
有人可以帮助我吗?
回答by ItalyPaleAle
By default, Cocoa refuses all SSL connections when the certificate is invalid.
默认情况下,当证书无效时,Cocoa 拒绝所有 SSL 连接。
However, you can force them to accept also invalid certificates. The method depends on which library/framework you are using. For example:
但是,您可以强制他们接受无效的证书。该方法取决于您使用的库/框架。例如:
- For NSURLConnection, check this answer.
- For ASIHTTPRequest, you need to set the property
validatesSecureCertificateto NO. - For AFNetworking, you can check the code to use in this page
- For CFNetwork, the low-level Foundation framework, check this sample code.
- For SURLConnection, which looks like you're using, you need to follow the same instructions for NSURLConnection. Indeed, SURLConnection is just a subclass of NSURLConnection.
- 对于 NSURLConnection,请检查此答案。
- 对于 ASIHTTPRequest,您需要将该属性设置
validatesSecureCertificate为 NO。 - 对于 AFNetworking,您可以检查此页面中使用的代码
- 对于低级 Foundation 框架 CFNetwork,请查看此示例代码。
- 对于 SURLConnection,看起来您正在使用,您需要遵循 NSURLConnection 的相同说明。事实上,SURLConnection 只是 NSURLConnection 的一个子类。
Important note:
The code above, to accept any kind of SSL certificate, even if invalid, is a serious security risk. Basically, it makes the whole SSL useless. As a consequence, you should use that code only during development, if you really need to test with SSL connections.
Please also note that Apple will reject any application submitted to the App Store that accepts invalid SSL certificates.
重要提示:
上面的代码,接受任何类型的 SSL 证书,即使无效,也是一个严重的安全风险。基本上,它使整个 SSL 变得无用。因此,如果您确实需要使用 SSL 连接进行测试,则应该仅在开发期间使用该代码。
另请注意,Apple 将拒绝提交到 App Store 的任何接受无效 SSL 证书的应用程序。
回答by Durai Amuthan.H
Certificate configuration:
证书配置:
You have to install the Self Signed Certificateor CAon the device in order for the device to trust it then only device trusts the SSL connection.
您必须在设备上安装自签名证书或CA,以便设备信任它,然后只有设备信任 SSL 连接。
In the case of installing self signed certificatemake sure domain nameof the URLis same as Common nameof certificate.
在安装的情况下,自签名证书确保域名的的URL是一样的通用名称证书。
If there is no domain name then IP address is fine.
如果没有域名,那么IP地址就可以了。
Certificate installation:
证书安装:
You can just host it on the web server and try to access it from safari then iOS will prompt for the certificate installation in the iOS Device
您可以将它托管在 Web 服务器上并尝试从 safari 访问它,然后 iOS 将提示在 iOS 设备中安装证书
Certificate Creation:
证书创建:
Here is the way to create self signed certificate so that you can fill all the details and host in web server.
这是创建自签名证书的方法,以便您可以填写所有详细信息并在 Web 服务器中托管。
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 1001 -nodes
(Pay attention while entering the value for Common Name)
(输入 Common Name 的值时要注意)
