使用自签名 SSL 证书连接到 HTTPS
我在使用 SSL 连接到服务器时遇到问题。我正在使用 ASIHTTPRequest。
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:@"https://server:port"]];
//[request setValidatesSecureCertificate:NO];
[request setRequestMethod:@"POST"];
[request setTimeOutSeconds:10];
[request addRequestHeader:@"Host" value:@"server:port"];
[request addRequestHeader:@"Content-Type" value:@"text/json; charset=utf-8"];
上面给出了“发生连接失败:SSL 问题(可能是错误/过期/自签名证书)”。如果我取消注释行 [request setValidatesSecureCertificate:NO];我得到 404。
我知道在开发环境中服务器使用自签名证书,在生产服务器上证书由“thawte”签名。
因此,我通过电子邮件将证书发送给自己,使用设备上的邮件应用程序点击附件 - 它将我重定向到设置并安装了证书。当然,由于它是自签名的,它告诉我证书不受信任,但这是证书的唯一问题,它没有过期等。
现在我采用相同的方法,我再次收到“发生连接失败:SSL问题(可能是错误/过期/自签名证书)”或 404。
我还将证书添加到我的项目中并添加以下行:
NSData* certData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"cert" ofType:@"cer"]];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
[request setClientCertificates:[NSArray arrayWithObject:(id)cert]];
但它不会改变任何内容。
我错过了什么吗?
I've a problem connecting to the server using SSL. I'm using ASIHTTPRequest.
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:@"https://server:port"]];
//[request setValidatesSecureCertificate:NO];
[request setRequestMethod:@"POST"];
[request setTimeOutSeconds:10];
[request addRequestHeader:@"Host" value:@"server:port"];
[request addRequestHeader:@"Content-Type" value:@"text/json; charset=utf-8"];
Above gives me the "A connection failure occurred: SSL problem (possibly a bad/expired/self-signed certificate)". If I uncomment the line [request setValidatesSecureCertificate:NO]; I get 404.
I know that that in the development environment the server uses the self-signed certificate, on production server the certificate is signed by "thawte".
So I emailed the certificate to myself, tap the attachement using Mail app on my device - it redirected me to the settings and I installted the certificate. Of course as it was self-signed it tells me that the certificate is not trusted, but it's the only problem with the certificate, it's not expired etc.
Now I do the same approach and I again receives either "A connection failure occurred: SSL problem (possibly a bad/expired/self-signed certificate)" or 404.
I've also added the certificate to my project and add following lines:
NSData* certData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"cert" ofType:@"cer"]];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
[request setClientCertificates:[NSArray arrayWithObject:(id)cert]];
but it doesn't change anything.
Am I missing something?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我会使用类似 Firefox 的 REST 客户端插件之类的东西从浏览器执行相同的 POST。查看网站真正返回的内容。 404 可能是服务器对指定 URL 的正确响应,而无效的证书只是阻止 SSL 协商完成,因此您永远不会看到该错误。
I would use something like the REST client addon for firefox to do the identical POST from a browser. To see what the site is really returning. It just might be that a 404 is the correct response from the server for the specified URL and the invalid cert is just preventing the SSL negotiation from completing so you never see the error.