I am trying to setup a secure connection to a java run SSLServerSocket.
I have created my own root CA, and have signed the certificate that the Java SSLServerSocket usin
I had this same problem, and while adding the certificate manually does fix the issue, that also means having to update the app every time the certificate on the server changes (such as when it expires, which, in my case, was going to happen in a matter of days).
If you're using an IP address to connect to the socket, and the certificate is for the FQDN (fully qualified domain name, i.e. subdomain.example.com), then when the operating system checks the certificate, it is going to look at the IP address you're connecting to, compare it to the name in the certificate, and think the two are different, causing the chain to fail validation.
So for anyone else who runs into this problem, I recommend using the FQDN in the second parameter to CFStreamCreatePairWithSocketToHost
rather than the IP address. After that, it should work without having to include the certificate in the bundle and manually validate.