“Server certificate untrusted” error in iPhone application

Question

I am using my iPhone application on my iPhone 3G OS 3.0.1 without any problems. The application connects to an API URL at https://api.serverdensity.com/1.0/ and all requests

Answer 1

I have actually seen this with my own app which also uses a godaddy cert - and yes I have installed the intermediate certs on my server.

It's rare, but this can happen if the user goes onto a wifi hotspot which interjects its login page to the connection attempt. It's actually correct behaviour for SSL, and it's caused by the hotspot effectively doing a man-in-the-middle redirection for your URL.

They can fix it by first going into Safari and getting the connection working.

OS3.0 is supposed to do some automatic login to this kind of hotspot but in my experience it doesn't always work.

edit: to add, before I used SSL I used to detect this for plain http and put up an appropriate error message. It is probably advisable to catch this error in your app and put up a similar message 'you may be connected to a hotspot which requires you to login', etc. Now that you've reminded me, I need to do that in my own app.

Answer 2

I would confirm that your phone can load any https:// urls without warning. I have an old 3.1.3 iPhone that for some reason warns about every cert it encounters. Not sure what the reason is but it makes it almost useless for testing of my web service.

Answer 3

Early iOS and android devices came with a smaller-than-desktop-browser database of root certs. You need to concatenate your intermediate CA certs with your server cert and have the web server send them all down to the phone. Later iOS and android releases fix this by including more ca certs on-device.

Answer 4

It looks like everything checks out with the installation of the certificate. All of the Intermediate certificates are being sent by the server: http://www.sslshopper.com/ssl-checker.html?hostname=api.serverdensity.com

Answer 5

We were previously using a "hardcoded" method of authentication using basic HTTP AUTH when connecting to our API:

NSString *requestURL = [NSString stringWithFormat:@"https://%@:%@@api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", username, password, account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0];

but switched to using a "proper" method in our latest update:

NSString *requestURL = [NSString stringWithFormat:@"https://api.serverdensity.com/1.0/?account=%@.serverdensity.com&c=%@", account, command];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:requestURL] cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:60.0];

using NSURLCredential to correctly handle the HTTP authentication. Following this update, the certificate error disappeared for the user concerned.

Answer 6

Please verify the Date and time setting of your iPhone or iPod, if you are facing the error saying "untrusted server certificate".

After correcting the Date and Time from iPhone/iPod "Setting". It will automatically takes care all applications(i.e. Yahoo messenger, Citrix, Push mail ....etc) encounters "Untrusted server certificate" issue. Just give try. Hope it will be a little help for you. Thanks.