Everything is fine when my iPhone 7 is still iOS 12. After it upgrade to iOS13 public beta7, I found that my iPhone can not do SSL proxying with Charles 3.x version.
Charles says:
SSLHandshake: Remote host closed connection during handshake
You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Follow the steps given by the Charles.
After granting trust to the Charles certificate, need to do 1 more step, to enable full trust:
https://support.apple.com/en-nz/HT204477
Far as I know, Apple has released new security requirements for TLS server certificates in iOS 13 and macOS 10.15. Thus, your Charles CA Root Certificate might be out-of-date. I think you could try to delete that certificate and re-install and trust Charles CA with the newest version of Charles to see if it works (Hope that Charles has updated and fixed this bug). I had switched from Charles to Proxyman and they also had a release to fix this bug: https://github.com/ProxymanApp/Proxyman/releases/tag/1.4.4.1
The same issue on iOS 14.3. My solution was reinstalling the certificate. This requires regenerating Root certificate in Charles, which would prompt to install a new one when visiting chls.pro/ssl
Recently I reset the device to factory settings, and maybe this caused this error to appear.
Related
I tried to intercept the requests on my android and iOS apps using charles proxy.
On android i'm able to see the requests and response without issues however on iOS it's not working fine.
I receive:
SSL handshake with client failed - Remote host terminated the handshake
You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
The manual proxy is correctly configure on the device, and i already trusted the charles certification on my iphone. I'm quite sure that all configs are correctly set up.
I'm wondering if it's a limitation on my iOS app. Any ideia?
Thanks in advance
You might need to tell your device to trust the certificate.
From this page on the Charles Proxy website:
If you are on iOS 10.3 or later, open the Settings.app and navigate to General > About > Certificate Trust Settings, and find the Charles Proxy certificate, and switch it on to enable full trust for it (More information about this change in iOS 10).
Is there any way to enable / configure proxy server of Wi-Fi on the Apple Watch?
We would like to test something via Charles so we would like to connect the Apple Watch with Charles.
I didn't find any settings on the Watch, and although I turned on proxy on the iPhone, traffics from the Watch doesn't appear in Charles :( .
Figured it out. It turns out it will just use the iPhone's proxy configuration. Although I must first install the Charles SSL certificate on the iPhone! After installation, the traffic appeared.
Link to get the certificate: https://charlesproxy.com/getssl
I've installed Charles SSL certificate on the iPhone, but https requests reject yet. iOS 10, iOS 11
Any options to install ssl cert on Apple Watch, 'cause https://charlesproxy.com/getssl doesn't work for Watch
I'm debugging a site using an iphone with ios 6.. Using the inspector from the iphone on the mac while visiting a site I get:
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.photorank.me” which could put your confidential information at risk.
When I go to the same site on a mac using ffox/chrome/safari that issue does not exists.
The URL with the issue is https://www.photorank.me/static/js/olapic/widgets/ecommerce.js
It seems that the certificate is invalid for some reason but the only device saying so is the iphone and ipad..
Any idea what is wrong?
It's not trusted, see this or this. OSX might have wider root certificates base than iOs devices or simulator.
I'd like to test an application on the iphone simulator which connects to a service using a certificate which is signed by our own CA. I can do this on the actual device by adding a provisioning profile which has the CA certificate. I had thought that having the CA certificate in the standard OSX keychain would work, but it doesn't.
So I can access the service via Safari without warning, but I get error when trying to run things in simulator.
The crypto api's are unavailable to the simulator. I think someone at apple was smoking crack when they made this decision because i fail to see how having an iPhone changes the out come of a cryptographic algorithm. Never the less in order to develop with these systems you'll need an iphone or ipod touch.
This link worked for me
canAuthenticateAgainstProtectionSpace method set to return yes.
NOTE: this will accept any certificate so should be removed for production releases: ie: ONLY for testing
It seems to work okay when I point the emulator at one of our live servers which a use a 'real' certificate. But I've just been getting 1200 errors trying to get the emulator to talk to a local test server I set up this morning.
So there must be crypto libraries there (or our app wouldn't talk to the live servers with real certificates), but there certainly seems to be a problem with self-signed certs.
I develop an iPhone framework which sends HTTPS requests in order to communicate with a publicly available backend server. Currently I have a big problem regarding untrusted server certificates.
The certificate of the backend server is not signed by a trusted CA, so my first approach was to use NSURLRequest's private allowsAnyHTTPSCertificateForHost. While this worked as expected and was fine as temporary workaround, our customer demands a clean solution as final result. Therefore I wrote a method which allows to install a provided certificate from the file system in the keychain, but this method does not work as expected in the iPhone Simulator. The certificate is installed in the host machine's Mac OS X keychain instead. Unfortunately, if I call NSURLConnection's sendSynchronousRequest method, I retrieve an "untrusted server certificate" error. It seems as if NSURLConnection is not able to access the host's Mac OS X keychain to retrieve the certificate.
Is my guess correct or did I miss something?
Would my approach work if I ran my app on a real iPhone device instead (I do not have one available yet)?
Does there exist a keychain in the iPhone Simulator at all?
Is it at all possible to send HTTPS requests to a server with an untrusted certificate on the iPhone Simulator or do I have to use precompiler directives to implement different routines depending on the underlying platform (simulator or device, respectively)?
Any help is highly appreciated.
Thanks,
Matthias
You can get free trusted SSL certificates at http://startssl.com
Perhaps the ASIHTTPRequest library can help with that?
Yes agree with Beat Bolli but i have done this by NSURL request.may be you are skipping spmething.