"Server certificate untrusted" error in iPhone application
Solution 1
We were previously using a "hardcoded" method of authentication using basic HTTP AUTH when connecting to our API:
NSString *requestURL = [NSString stringWithFormat:@"https://%@:%@@api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", username, password, account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0];
but switched to using a "proper" method in our latest update:
NSString *requestURL = [NSString stringWithFormat:@"https://api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:60.0];
using NSURLCredential to correctly handle the HTTP authentication. Following this update, the certificate error disappeared for the user concerned.
Solution 2
It looks like everything checks out with the installation of the certificate. All of the Intermediate certificates are being sent by the server: http://www.sslshopper.com/ssl-checker.html?hostname=api.serverdensity.com
Solution 3
I had the same problem!
Did you install there "Intermediate Certificate Bundle"? If you don't then you will get the untrusted server certificate on all mobile platforms (and some PC ones as well).
Web Site Quote:
Before you install your issued SSL certificate you must download and install our intermediate certificate bundle on your Web server. You may also download the bundle from the repository.
Check out the GoDaddy SSL install instructions for your web server setup.
The Intermediate Certificate Bundle can be found here.
Solution 4
Please verify the Date and time setting of your iPhone or iPod, if you are facing the error saying "untrusted server certificate".
After correcting the Date and Time from iPhone/iPod "Setting". It will automatically takes care all applications(i.e. Yahoo messenger, Citrix, Push mail ....etc) encounters "Untrusted server certificate" issue. Just give try. Hope it will be a little help for you. Thanks.
Solution 5
Early iOS and android devices came with a smaller-than-desktop-browser database of root certs. You need to concatenate your intermediate CA certs with your server cert and have the web server send them all down to the phone. Later iOS and android releases fix this by including more ca certs on-device.
Related videos on Youtube
davidmytton
Co-founder of Console (the best tools for developers). Researching sustainable computing at Imperial College London & Uptime Institute. Previously Co-founder, Server Density (acquired by StackPath).
Updated on July 24, 2020Comments
-
davidmytton almost 4 years
I am using my iPhone application on my iPhone 3G OS 3.0.1 without any problems. The application connects to an API URL at https://api.serverdensity.com/1.0/ and all requests go through it.
A user of the app has reported that they are now suddenly getting an error "untrusted server certificate". No other users are experiencing this issue (that I'm aware of) and I cannot reproduce it.
The SSL certificate is a wildcard certificate on *.serverdensity.com. It is purchased from GoDaddy and is valid until May 2010.
Further, the user is running OS 3.0.1, the time/date are set correctly on the device and if he visits the API URL in Safari, it loads up correctly.
Any suggestions for the cause of this?
-
frankodwyer over 14 yearsright, but if that was the problem it should always happen. sounds like this is intermittent.
-
Shane Powell over 14 yearsWhen it happened with me, it was odd. It was working then it stopped working after a certain date. So it wasn't intermittent for me but it do go from working to not working without any real noticeable reason.
-
davidmytton over 14 yearsYeh, I did install the bundle and actually blogged about it too - blog.boxedice.com/2009/05/11/… . However if this was the problem then I'd expect to see the error in browsers too.
-
frankodwyer over 14 years@shanepowell could it be that your certificate or some certificate in the chain just expired?
-
Shane Powell over 14 yearsThe cert didn't expire. I installed the intermediate bundle and my problem went away. Sounds like David's problem is different to what my was.
-
davidmytton over 14 yearsThe user says he has tried both on wifi and cellular data networks with the same error. He has also re-installed the app.
-
frankodwyer over 14 yearsIt is really odd that it works in Safari but not from your client. Are you using the standard URL loading stuff and what cache policy do you use? Has the user tried clearing the Safari cache?
-
johnnieb about 13 yearsWorked like a charm. Thank you!
-
Jonathon Horsman over 9 yearsThis is a really useful suggestion since most apps which connect to an API over HTTPS will encounter this issue.
-
Nicholas DiPiazza about 9 yearswe had done some fancy concatenating of the chains together on our own and it was not good. we reran these steps... all good