Alamofire: HTTPS with self-signed certificates 10.3 return error
I know this is more of an iOS 10.3 related difference in behavior but there is a change in 10.3 in the way Alamofire and other HTTPS based apps function when dealing with self-signed certificates. In 10.2, importing the CA Trust + Certificate on a device and trusting via a config profile allows for HTTPS requests to occur within an app without the need for any ATS exceptions. In 10.3 this same action does not work and results in the error: (kCFStreamErrorDomainSSL, -9813)
If switching a REST API call from a self-signed certificate to a host using a commercial cert, such as one generated by Let's Encrypt, the same code returns back expected data. This might pop up more once 10.3 is final.
rsaeks
All 4 comments
Thanks for the report! You're saying that, even if the cert has been installed and trusted on device that SSL connections won't work? I hope that's a bug, otherwise tools like Charles won't work without ATS workarounds.
jshier
on 5 Mar 2017
I have some sample code on github that works when running on 10.2 but does not work on 10.3 when installing the CA & Certificate. I also have a bug report open with Apple. At the moment the code is just trying to make sure it can get some response back from the server behind the cert, independent of performing any REST actions. Should I update once hearing more back from Apple?
rsaeks
on 7 Mar 2017
It looks like the trust is now "turned on" in iOS 10.3 builds in: Settings -> General -> About -> Certificate Trust Settings Once that was enabled for the certificate the code looks to be working!
rsaeks
on 9 Mar 2017
@rsaeks Thanks for keeping on top of this. I'm closing now that the issue seems to have been resolved. Please let us know if anything changes.
jshier
on 20 Mar 2017
Related issues
tobiasoleary
·
3Comments
dpstart
·
3Comments
noear
·
3Comments
simonliotier
·
3Comments
lvandal
·
3Comments
Most helpful comment
It looks like the trust is now "turned on" in iOS 10.3 builds in: Settings -> General -> About -> Certificate Trust Settings Once that was enabled for the certificate the code looks to be working!