iphone: secure restfull server "The certificate for this server is invalid

Question

I am trying to consume secure restful service which gives error

Error = Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxx.xxx.xxx.xxx” which could put your confidential information at risk."

working on xCode 4.2, where is the mistake or any step missing.

using following code

RegisterUser.f

@interface RegisterUser : UIViewController<UITextFieldDelegate,
UIScrollViewDelegate, NSURLConnectionDelegate>

RegisterUser.m

- (IBAction)SubmitBtnAction:(id)sender {

    NSURL *url = [NSURL URLWithString:@"https://xx.xx.xx.xxx:8223/jaxrs/tunedoorgateway/getCountries"];
    NSURLRequest *urlRequest = [NSURLRequest requestWithURL:url];

    [NSURLConnection sendAsynchronousRequest:urlRequest queue:[[NSOperationQueue alloc] init]
     completionHandler:^(NSURLResponse *response, NSData *data, NSError *error)
     {

         if ([data length] >0 && error == nil)
         {
             NSLog(@"Data = %@", data);
             // DO YOUR WORK HERE

         }
         else if ([data length] == 0 && error == nil)
         {
             NSLog(@"Nothing was downloaded.");
         }
         else if (error != nil){
             NSLog(@"Error = %@", error);
         }

     }];

}


- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    NSLog(@"This is canAuthenticateAgainstProtectionSpace");
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}


- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
//    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
//        if ([trustedHosts containsObject:challenge.protectionSpace.host])
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];

    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
    NSLog(@"This is didReceiveAuthenticationChallenge");
  //  [[challenge sender] cancelAuthenticationChallenge:challenge];
}

Answer 1

I feel this might be because of DNS, something like your server is not registered.

Try using this for development:

Create an NSURLRequest+NSURLRequestSSLY.h file and add these lines to it

#import <Foundation/Foundation.h>

@interface NSURLRequest (NSURLRequestSSLY)
+(BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;

@end

Create an NSURLRequest+NSURLRequestSSLY.m file and add these lines to it

#import "NSURLRequest+NSURLRequestSSLY.h"

@implementation NSURLRequest (NSURLRequestSSLY)
+(BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host
{
    return YES;
}

@end

And don't forget to remove it before publishing as your app might get rejected.

Answer 2

The failure is not in your code. You are using a HTTPS server which does not provide a known certificate. If you have setup the server yourself you have to go and buy a singed certificate from one of the big certification authorities which are trusted by iOS and most other operating systems.

For development purposes you can test your REST service by ignoring the non-trusted certificate. Follow this guide for doing that: http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/

But for production use I recommend you do not use this method since it will bring a security leak to your application. If you do ignore security you can also just use HTTP instead of HTTPS.