问题
I am developing an app for iOS using Titanium Appcelerator. I am struggling with securing the connections to my server. I bought a UCC certificate to protect my server (and other websites) and installed it. When I go on any browser, it displays that the connection is secured.
Now, when I try to create a connection from the app to my server, I get the following error:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be DOMAIN.COM
I've tried with other secured domains, and it works fine. I am using Ti.Network.createHTTPClient to create my connections. Does anyone have any idea about that problem? Is there something I'm missing here?
回答1:
You should use a securityManager to communicate with a secured website. Below is the simple example from the documentation. The certificate should be provided as a X.509 certificate file in DER binary format.
Disclaimer: The appcelerator.https module is a paid feature!
// Require in the module
var https = require('appcelerator.https'),
securityManager,
httpClient;
// Use the module to create a Security Manager that authenticates the specified URLs
securityManager = https.createX509CertificatePinningSecurityManager([
{
url: "https://dashboard.appcelerator.com",
serverCertificate: "dashboard.appcelerator.com.der"
},
{
url: "https://www.wellsfargo.com",
serverCertificate: "wellsfargo.der"
}
]);
// Create an HTTP client the same way you always have
// but pass in the optional Security Manager that was created previously.
httpClient = Ti.Network.createHTTPClient({
onload: function(e) {
Ti.API.info("Received text: " + this.responseText);
},
onerror: function(e) {
Ti.API.error(e.error);
},
timeout : 5000,
// Set this property before calling the `open` method.
securityManager: securityManager
});
// Prepare the HTTPS connection in the same way you always have
// and the Security Manager will authenticate all servers for
// which it was configured before any communication happens.
httpClient.open("GET", "https://dashboard.appcelerator.com");
// Send the request in the same way you always have.
// Throws a Security Exception if authentication fails.
httpClient.send();
回答2:
I found the reason why in my case the connection was refused. The catch was that I hadn't concatenated the two cert files given by godaddy, which doesn't seem to be a problem on browser, but was breaking the chain of trust for the app. Correcting that part fixed the issue, using:
cat gd_bundle-g1-g2.crt >> my_server.crt
to create the full crt file.
Note: The first cert file is downloadable on Godaddy's website, but is also attached when you download your crt file.
来源:https://stackoverflow.com/questions/32983099/titanium-the-certificate-for-this-server-is-invalid-you-might-be-connecting