Problems with SSL Pinning and AFNetworking 2.5.0 (NSURLErrorDomain error -1012.)

Question

We’ve been having a hard time securing our app’s network connections with SSL using AFNetworking 2.5.0.

We use a self-signed certificate authority and implemented a

Answer 1

Having dealt with a similar issue, it is common for things seem normal via browser HTTPS connections, as many browsers cache certificate files from third parties so that they don't always need to be loaded. Therefore, it could very well be that your certificate chain is not fully trusted as you may have been led to believe.

In other words, it may seem fine to connect securely with a browser, but depending on your AFNetworking settings, your app won't actually accept your certificate chain. After you are sure your settings are appropriate, the next step is to make sure your certificate chain is actually as good as you think it is. Download an app called SSL Detective and query your server. You can also use www.ssldecoder.org. Make sure there are no red (untrusted) items in your chain. If there are, change your cert setup on the server.

Given that your AFNetworking settings are as follows:

 [securityPolicy setAllowInvalidCertificates:NO];
 [securityPolicy setValidatesCertificateChain:NO];

It may not like your certificate chain because it is self signed. You might also have to switch those to YES.