Unable to use self signed certificate with AFNetworking 2

Question

I put the .cer certificate used by the Apache Server in the Xcode project. When the app tries to talk to the server I get this error in Xcode:

Assertion fail         


        

Answer 1

It looks like your certificate file is not in the right format. Your code fails at these lines (AFURLConnectionOperation/pinnedPublicKeys):

SecCertificateRef allowedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
NSParameterAssert(allowedCertificate);

I had the same error (on AFNetworking 1.1, but the version should not matter), when my certificate was looking like this:

-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE----- 

I managed to resolve this by converting the certificate to x509 format, using the command from this answer:

openssl x509 -in adn.crt -outform der -out "adn.der"

Afterwards I renamed adn.der back to adn.cer ('.cer' seems to be the expected extension for AFNetworking), and everything works well now.

Answer 2

If required, you can disable the invalid certificate check by changing your security policy.

[self setAllowInvalidCertificates:YES];

Please read more in the documentation: http://cocoadocs.org/docsets/AFNetworking/2.0.3/Classes/AFSecurityPolicy.html#//api/name/allowInvalidCertificates

You can also pin the certificate: http://cocoadocs.org/docsets/AFNetworking/2.0.3/Classes/AFSecurityPolicy.html#//api/name/pinnedCertificates

Answer 3

This site may help someone fix this http://www.indelible.org/ink/trusted-ssl-certificates/

Example

https://github.com/AFNetworking/AFNetworking/tree/1.x

Answer 4

The problem isn't on the side of AFNetworkings, but on iOS': You need to install the self-signed certificate on the device, because the iOS security settings forbid connections to untrusted sources.

You can add a self-signed certificate as a trusted source by opening the certificate on you iOS device (mail it to yourself and open it) and following the install instructions.