ios – Self signed root CA works in Safari Mobile but not in app

iOS Development


I’m trying to set up a secure dev environment on my Mac.
I’ve defined a dummy domain in /etc/hosts.
I’ve installed the following self generated root CA on the simulator:

Issued To

Common Name (CN) ****.com
Organization (O) ****
Organizational Unit (OU)

Issued by

Common Name (CN) ****.com
Organization (O) ****
Organizational Unit (OU)

Validity Period

Issued On Wednesday, November 8, 2023 at 9:02:43 AM
Expires On Saturday, November 5, 2033 at 9:02:43 AM

SHA 256 Fingerprints

Certificate f2ed…62f7
Public Key abcf…4773

I’ve installed it by downloading the cert (.pem) file, installing it and then going to settings|general|about… to enable it. Just like Apple suggests.

It works fine on Safari Mobile. However, when I try the same from my app I get:

2023-11-19 10:42:03.825404+0200 TestApp[22919:2996532] ATS failed system trust
2023-11-19 10:42:03.825475+0200 TestApp[22919:2996532] Connection 1: system TLS Trust evaluation failed(-9802)
2023-11-19 10:42:03.825559+0200 TestApp[22919:2996532] Connection 1: TLS Trust encountered error 3:-9802
2023-11-19 10:42:03.825612+0200 TestApp[22919:2996532] Connection 1: encountered error(3:-9802)
2023-11-19 10:42:03.826104+0200 TestApp[22919:2996532] Task <B0C44DAC-4B59-44D5-891C-5B8BE21C3938>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
2023-11-19 10:42:03.829664+0200 TestApp[22919:2996532] Task <B0C44DAC-4B59-44D5-891C-5B8BE21C3938>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
    "<cert(0x131811800) s: ****.com i: ****.com>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://****.com/, NSErrorFailingURLStringKey=https://****.com/, NSUnderlyingError=0x6000030481e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600000f240a0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x131811800) s: ****.com i: ****.com>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <B0C44DAC-4B59-44D5-891C-5B8BE21C3938>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <B0C44DAC-4B59-44D5-891C-5B8BE21C3938>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600000f240a0>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
    "<cert(0x131811800) s: ****.com i: ****.com>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://****.com/, NSErrorFailingURLStringKey=https://****.com/, NSUnderlyingError=0x6000030481e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600000f240a0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x131811800) s: ****.com i: ****.com>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <B0C44DAC-4B59-44D5-891C-5B8BE21C3938>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <B0C44DAC-4B59-44D5-891C-5B8BE21C3938>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600000f240a0>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

I’ve considered the info.plist and disabled NSAllowsArbitraryLoads.
I’ve also tried the same request with a standard domain (e.g. google) and it works fine with no errors.

admin
adminhttps://techmins.com

Latest articles

spot_imgspot_img
Previous article
ADU 01256: How did we put the Isotopes’ Cinewhoop shoot together?
Next article
[World Mental Health Day] Better Mental Health Starts With Better Understanding – Samsung Global Newsroom

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img

ABOUT US

Techmins is your Technology. Nanotechnology, Drone, Robotics, Big data, Cloud computing, 3D printing, Self driving car, Telecom, Mobile, Apple, iOS development, Software development and Green technology related news website. We provide you latest breaking news and videos straight from the tech industry.

Copyright © 2023 - techmins.com. All rights reserved.