Receiving SSL error in iOS7 GM - "AddTrust External CA Root" is not trusted?

Question

I am receiving a SSL error in my NSURLConnection class, suddenly from iOS7 GM. I cannot access any of my APIs or webView pages, and is a severe emergency.

Can anybody help me here?

The error is as follows:

NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

I've looked up the error, and it is explained as follows:

errSSLNoRootCert = -9813, /* cert chain not verified by root */

My root certificate for my domain (confirmed via browser access) is

"AddTrust External CA Root".

It is very unlikely that this is not trusted, because:

1. This root certificate is even listed in "iOS5 and 6: List of trusted root certificates". http://support.apple.com/kb/ht5012

2. This error has never appeared anytime up to iOS6, and even until iOS7 beta 6. It suddenly appeared in iOS7 GM.

3. My browser tells me that it is a trusted certificate.

4. There are no problems with expiration dates for my certificate.

I want to know whether this is a bug in the OS, or whether I have to purchase a certificate of a different root, or whether problems lie elsewhere.

P.S. I have no code around my NSURLConnection for handling authentication challenges.

Answer 1

Try adding the intermediate certificates to your (API's) web server configuration. Most times they are sent along with your real certificate.

It might be that iOS knows (and trusts) the root certificate, but that one (or more) intermediate certificates (between your actual certificate and the real certificate) aren't known. By adding them, iOS can figure out that the chain between your certificate and the root certificate actually exists.