Domain=NSURLErrorDomain Code 1202

2019-02-06 17:31发布

问题:

Hi I receive the following error:

Error Domain=NSURLErrorDomain Code=-1202 \"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server-prod.name-cloud.com” which could put your confidential information at risk.\" UserInfo={NSErrorFailingURLStringKey=https://server-prod.name-cloud.com /v3/project/session/926B9E6BE31B/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://server-prod.name-cloud.com /v3/project/session/926B9E6BE31B/, _kCFStreamErrorCodeKey=-9843, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server-prod.name-cloud.com” which could put your confidential information at risk.}

I read all the relevant docs, we apply all the requirements in "Common Failures" section.

More details:

  • the errors received only from Germany(except 4 times in the past 2W that was from Italy)
  • It is not reproducible in house
  • Eventually after tons of retries the uploads go throw
  • This was received booth in iOS 10.x.x & 9.x.x
  • I use amazon servers with 2016-08 SSL Security Policies, so according to apple it should be OK

In the app I use:

<key>NSAppTransportSecurity</key>
   <dict>
      <key>NSAllowsArbitraryLoads</key>
   <true/>
</dict>

note - in production I always use HTTP’s, I leave the NSAllowsArbitraryLoads because some testers offshore can switch the rout to HTTP for debugging.

回答1:

For the devs who are working with a server locally and need to get the iOS Simulator to trust the certificate. Follow the steps below:

  1. Get the .cer file by exporting the certificate from the Keychain. You need the certificate file in a valid format and its easiest to get this by exporting it from the Keychain.

  2. Drag and drop the aforementioned .cer file onto the simulator. It should give you a prompt on installing a "Profile". Go ahead and follow the instructions to install it.

  3. For those who are working with the latest versions of XCode and iOS Simulator. You need to do 1 last step. The Simulator must be explicitly told to trust the root CA. Do this by going to General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

Hopefully, this saves headaches for some people!