ios: Public Key SSL Pinning Returns Nil
I have saved the public key of my SSL certificate into my xcode project as .crt, and am trying to use Alamofire to connect to my website through https. The part that keeps failing is using SecCertificateCreateWithData, that returns nil as show below:
func configureAlamoFireSSLPinningWithCertificateData() {
let cert = "nameOfCert"
let pathToCert = NSBundle.mainBundle().pathForResource(cert, ofType: "crt")
let certificateData:NSData = NSData(contentsOfFile: pathToCert!)!
let localCertificate = SecCertificateCreateWithData(nil, certificateData)! //RETURNS NIL
self.serverTrustPolicy = ServerTrustPolicy.PinCertificates(
certificates: [localCertificate],
// Choose to validate the complete certificate chain, not only the certificate itself
validateCertificateChain: true,
// Check that the certificate mathches the host who provided it
validateHost: true
)
self.serverTrustPolicies = [
"nameOfTrustedServer": self.serverTrustPolicy!
]
self.afManager = Manager(
configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}
I've looked at the certificate in the project and everything seems to be fine, and I can also print certificateData and get a correctly formatted result.
Is the problem that I only have the public key saved and not the entire certificate? I would like to avoid doing that for obvious security reasons, but I cannot seem to figure out why It returns nil when trying to create the Sec Certificate.
Thanks in advance!
ios swift ssl https alamofire
add a comment |
I have saved the public key of my SSL certificate into my xcode project as .crt, and am trying to use Alamofire to connect to my website through https. The part that keeps failing is using SecCertificateCreateWithData, that returns nil as show below:
func configureAlamoFireSSLPinningWithCertificateData() {
let cert = "nameOfCert"
let pathToCert = NSBundle.mainBundle().pathForResource(cert, ofType: "crt")
let certificateData:NSData = NSData(contentsOfFile: pathToCert!)!
let localCertificate = SecCertificateCreateWithData(nil, certificateData)! //RETURNS NIL
self.serverTrustPolicy = ServerTrustPolicy.PinCertificates(
certificates: [localCertificate],
// Choose to validate the complete certificate chain, not only the certificate itself
validateCertificateChain: true,
// Check that the certificate mathches the host who provided it
validateHost: true
)
self.serverTrustPolicies = [
"nameOfTrustedServer": self.serverTrustPolicy!
]
self.afManager = Manager(
configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}
I've looked at the certificate in the project and everything seems to be fine, and I can also print certificateData and get a correctly formatted result.
Is the problem that I only have the public key saved and not the entire certificate? I would like to avoid doing that for obvious security reasons, but I cannot seem to figure out why It returns nil when trying to create the Sec Certificate.
Thanks in advance!
ios swift ssl https alamofire
You can't simply import public key because its format is different than what iOS expects. Read here: blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios
– invisible_hand
Apr 7 '16 at 18:51
How does this example work then? github.com/antekarin/ssl-pinning-swift
– Greg Miller
Apr 7 '16 at 20:46
add a comment |
I have saved the public key of my SSL certificate into my xcode project as .crt, and am trying to use Alamofire to connect to my website through https. The part that keeps failing is using SecCertificateCreateWithData, that returns nil as show below:
func configureAlamoFireSSLPinningWithCertificateData() {
let cert = "nameOfCert"
let pathToCert = NSBundle.mainBundle().pathForResource(cert, ofType: "crt")
let certificateData:NSData = NSData(contentsOfFile: pathToCert!)!
let localCertificate = SecCertificateCreateWithData(nil, certificateData)! //RETURNS NIL
self.serverTrustPolicy = ServerTrustPolicy.PinCertificates(
certificates: [localCertificate],
// Choose to validate the complete certificate chain, not only the certificate itself
validateCertificateChain: true,
// Check that the certificate mathches the host who provided it
validateHost: true
)
self.serverTrustPolicies = [
"nameOfTrustedServer": self.serverTrustPolicy!
]
self.afManager = Manager(
configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}
I've looked at the certificate in the project and everything seems to be fine, and I can also print certificateData and get a correctly formatted result.
Is the problem that I only have the public key saved and not the entire certificate? I would like to avoid doing that for obvious security reasons, but I cannot seem to figure out why It returns nil when trying to create the Sec Certificate.
Thanks in advance!
ios swift ssl https alamofire
I have saved the public key of my SSL certificate into my xcode project as .crt, and am trying to use Alamofire to connect to my website through https. The part that keeps failing is using SecCertificateCreateWithData, that returns nil as show below:
func configureAlamoFireSSLPinningWithCertificateData() {
let cert = "nameOfCert"
let pathToCert = NSBundle.mainBundle().pathForResource(cert, ofType: "crt")
let certificateData:NSData = NSData(contentsOfFile: pathToCert!)!
let localCertificate = SecCertificateCreateWithData(nil, certificateData)! //RETURNS NIL
self.serverTrustPolicy = ServerTrustPolicy.PinCertificates(
certificates: [localCertificate],
// Choose to validate the complete certificate chain, not only the certificate itself
validateCertificateChain: true,
// Check that the certificate mathches the host who provided it
validateHost: true
)
self.serverTrustPolicies = [
"nameOfTrustedServer": self.serverTrustPolicy!
]
self.afManager = Manager(
configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}
I've looked at the certificate in the project and everything seems to be fine, and I can also print certificateData and get a correctly formatted result.
Is the problem that I only have the public key saved and not the entire certificate? I would like to avoid doing that for obvious security reasons, but I cannot seem to figure out why It returns nil when trying to create the Sec Certificate.
Thanks in advance!
ios swift ssl https alamofire
ios swift ssl https alamofire
asked Apr 7 '16 at 16:39
Greg MillerGreg Miller
1491211
1491211
You can't simply import public key because its format is different than what iOS expects. Read here: blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios
– invisible_hand
Apr 7 '16 at 18:51
How does this example work then? github.com/antekarin/ssl-pinning-swift
– Greg Miller
Apr 7 '16 at 20:46
add a comment |
You can't simply import public key because its format is different than what iOS expects. Read here: blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios
– invisible_hand
Apr 7 '16 at 18:51
How does this example work then? github.com/antekarin/ssl-pinning-swift
– Greg Miller
Apr 7 '16 at 20:46
You can't simply import public key because its format is different than what iOS expects. Read here: blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios
– invisible_hand
Apr 7 '16 at 18:51
You can't simply import public key because its format is different than what iOS expects. Read here: blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios
– invisible_hand
Apr 7 '16 at 18:51
How does this example work then? github.com/antekarin/ssl-pinning-swift
– Greg Miller
Apr 7 '16 at 20:46
How does this example work then? github.com/antekarin/ssl-pinning-swift
– Greg Miller
Apr 7 '16 at 20:46
add a comment |
1 Answer
1
active
oldest
votes
Finally figured it out, the issue was in my certificate even though it appeared to be correct. I fixed it by re-saving it as a .cer through openssl and this fixed it. Weirdly when I tried to re-save it as .cer in sublime or notepad it did not work even though Xcode displayed them identically, until I printed the NSData from each and it showed them to be different.
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f36482311%2fios-public-key-ssl-pinning-returns-nil%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Finally figured it out, the issue was in my certificate even though it appeared to be correct. I fixed it by re-saving it as a .cer through openssl and this fixed it. Weirdly when I tried to re-save it as .cer in sublime or notepad it did not work even though Xcode displayed them identically, until I printed the NSData from each and it showed them to be different.
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
add a comment |
Finally figured it out, the issue was in my certificate even though it appeared to be correct. I fixed it by re-saving it as a .cer through openssl and this fixed it. Weirdly when I tried to re-save it as .cer in sublime or notepad it did not work even though Xcode displayed them identically, until I printed the NSData from each and it showed them to be different.
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
add a comment |
Finally figured it out, the issue was in my certificate even though it appeared to be correct. I fixed it by re-saving it as a .cer through openssl and this fixed it. Weirdly when I tried to re-save it as .cer in sublime or notepad it did not work even though Xcode displayed them identically, until I printed the NSData from each and it showed them to be different.
Finally figured it out, the issue was in my certificate even though it appeared to be correct. I fixed it by re-saving it as a .cer through openssl and this fixed it. Weirdly when I tried to re-save it as .cer in sublime or notepad it did not work even though Xcode displayed them identically, until I printed the NSData from each and it showed them to be different.
edited Nov 27 '18 at 19:46
answered Apr 8 '16 at 4:51
Greg MillerGreg Miller
1491211
1491211
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
add a comment |
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks. You saved my day!
– rmvz3
Feb 19 '17 at 15:46
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
Thanks! Helped me!
– Vlad Pulichev
Jul 23 '18 at 14:45
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f36482311%2fios-public-key-ssl-pinning-returns-nil%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You can't simply import public key because its format is different than what iOS expects. Read here: blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios
– invisible_hand
Apr 7 '16 at 18:51
How does this example work then? github.com/antekarin/ssl-pinning-swift
– Greg Miller
Apr 7 '16 at 20:46