Menu
I am trying to display an image that is stored on an Amazon S3 Bucket. The URL is something like https://s3.amazon.com/..../test.jpg. Whenever I do this on the iPhone simulator, the image is displayed properly. However, if I test it on the actual device itself, I keep getting:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “s3.amazonaws.com” which could put your confidential information at risk." UserInfo=0x20007030 {NSErrorFailingURLStringKey=https://s3.amazonaws.com/.../test.jpeg, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://s3.amazonaws.com/.../test.jpeg, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “s3.amazonaws.com” which could put your confidential information at risk., NSUnderlyingError=0x20014d40 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “s3.amazonaws.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=}
Any ideas?!
Thanks!
432
As the certificate makes sure that your data remain encrypted and your information will not be leaked, the error 'The certificate for this server is invalid' denotes that the website you are trying to visit cannot be trusted. These errors could be seen on the iPhone, iPad or iPod as well as Mac.
I was getting the same certificate error from S3, and found adding this to the NSURLConnectionDelegate fixed the problem:
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] &&
[challenge.protectionSpace.host hasSuffix:@"example.com"])
{
// accept the certificate anyway
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
else
{
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
}
NOTE: You'll need to change 'example.com' to a domain you trust, or use a more sophisticated mechanism than 'hasSuffix'.
FYI Apple Technote TN2232 "HTTPS Server Trust Evaluation" goes into much of the detail about why the certificate was rejected and how to handle it: https://developer.apple.com/library/ios/technotes/tn2232/_index.html
Thanks to Gordon Henriksen for answering this at https://stackoverflow.com/a/2033823/235229, but using an older api.
92
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
