Domain=NSURLErrorDomain Code 1202

ios amazon-web-services ssl nsurlsession tls1.2
Bar picture Bar · Dec 19, 2016 · Viewed 20.3k times · Source

Hi I receive the following error:

Error Domain=NSURLErrorDomain Code=-1202 \"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server-prod.name-cloud.com” which could put your confidential information at risk.\" UserInfo={NSErrorFailingURLStringKey=https://server-prod.name-cloud.com /v3/project/session/926B9E6BE31B/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://server-prod.name-cloud.com /v3/project/session/926B9E6BE31B/, _kCFStreamErrorCodeKey=-9843, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server-prod.name-cloud.com” which could put your confidential information at risk.}

I read all the relevant docs, we apply all the requirements in "Common Failures" section.

More details:

  • the errors received only from Germany(except 4 times in the past 2W that was from Italy)
  • It is not reproducible in house
  • Eventually after tons of retries the uploads go throw
  • This was received booth in iOS 10.x.x & 9.x.x
  • I use amazon servers with 2016-08 SSL Security Policies, so according to apple it should be OK

In the app I use:

<key>NSAppTransportSecurity</key>
   <dict>
      <key>NSAllowsArbitraryLoads</key>
   <true/>
</dict>

note - in production I always use HTTP’s, I leave the NSAllowsArbitraryLoads because some testers offshore can switch the rout to HTTP for debugging.

Answer

Gautham C. picture Gautham C. · May 9, 2017

For the devs who are working with a server locally and need to get the iOS Simulator to trust the certificate. Follow the steps below:

  1. Get the .cer file by exporting the certificate from the Keychain. You need the certificate file in a valid format and its easiest to get this by exporting it from the Keychain.

  2. Drag and drop the aforementioned .cer file onto the simulator. It should give you a prompt on installing a "Profile". Go ahead and follow the instructions to install it.

  3. For those who are working with the latest versions of XCode and iOS Simulator. You need to do 1 last step. The Simulator must be explicitly told to trust the root CA. Do this by going to General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate

Hopefully, this saves headaches for some people!

Related questions

IPv6 App Store Rejection

Our update has been rejected twice today for ipv6 network connectivity issues. Our networking code has not changed between the previous release and this current release. The app only makes https network requests to api.metooapp.io, which is correctly …

Read More
Is it possible to use Socket.io with AWS Lambda?

Is it possible to build a function in AWS Lambda that creates a websocket and send data to subscribed applications? Something like this: John has the app SuperPhotoApp opened in his phone but decides to use the desktop browser to …

Read More
AWS Cognito User Pools in iOS (Swift) app

I'm trying to implement the new AWS Cognito User Pools in my iOS (Swift) app, but I'm struggling to get the sign in process to work. I am essentially trying to follow the example available here. This is what I …

Read More