I am implementing a push notification system for one of my apps, so I am following this tutorial and generating a SSL certificate for that.
This app of mine involves also, some exchange of data between the app and the server and I would like it to be SSL protected and I was wondering of getting a SSL certificate from verisign or other company like that.
My question is: is this SSL certificate created for push a regular SSL certificate, so in that can use it also to establish a https connection to the server (and save a couple hundred dollars to order a third party certificate)? I don't know much about SSL certificates, but I hope it can be used for that...
This will be amazing!
Since each certificate is tied to a specific domain, I'm not sure how this would work. There is a concept of wildcard certificates, but I still think they have to be for the same domain.
In your case, it sounds like you will have the Apple push certificate, which validates the connection between your server and Apple's push notification server. The other certificate would be to validate/secure the connection between your iOS app and your server. Both of these are assigned a different domain (gateway.sandbox.push.apple.com vs. yourserver.com).
One option you do have depending on how your iOS app is structured is to use a self-signed certificate between your iOS app and your server. I'm guessing the end-user will not be seeing the certificate anyway. This might be a way to save you money before deciding on a third party certificate.
Related
I am developing an app with a server part programmed in Go and a client programmed in C#, the connection between the two is made using TCP socket communication, and to ensure the connection I am using TLS.
My question is whether there would be any security problem in my case when using self-signed certificates for TLS communication.
I understand that for a web server that uses https it is necessary to use certificates signed by a certificate authority (CA) but in my case, when connecting my own client application I don't see why I should use one of these.
If anyone knows anything about it, it would be a great help.
Certificates are used for authenticating the end points, and usually the cert is signed by a certificate authority which your client (such as a web browser) already trusts. Using a self-signed cert in that scenario can lead to problems, as the browser won't trust it, and so will pop a warning box. However, the real issue is that for the typical user, a warning from your server is as good as indistinguishable from an attacker using another self-signed certificate. They'll click-away and KABOOM!
If this is a closed environment, and you control both the server and client, then the self-signed certificate is irrelevant. In fact, you don't even need one at all, and may be better off with one of the alternatives, like TLS-PSK, or TLS-SRP.
Basically our iOS app needs to communicate with a server which has a self signed certificate for now. In my app, the https is failing with untrusted server certificate which is understandable. The error is like this:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my host name here” which could put your confidential information at risk."
So I sent the self signed certificate via email to the iOS device and imported into the profiles and hoping that it would be used as part of root CA for https authentication. To my surprise, it is not and I am still getting the same error. I think that iOS would be default to use root CAs at keychain to validate the server certificate and from what I read, the imported certificate at profiles are at keychain as well. So I could not understand why my imported self signed certificate is not used as root CA.
At this point, I don't really want to trust this self signed certificate via the coding like this iOS authenticate HTTPS with self-signed certificate or In iOS, how to connect to a server using https with self-signed certificate on the server? since this won't work in customer case where they would install our server on their network and they could create their own self signed certificate.
Somehow I didn't really get much information around this from searching. Could anyone shed some lights here and what I need to do to debug this? Thanks very much.
Update on July 15:
More update around this. I also tried to use configuration profile to add a self signed CA to root CA at the iOS device by following Adding Trusted Root Certificate Authorities to iOS , from my testing on 6.0 iPad and iPhone, it doesn't work as well. So not sure if that only works on jail broken device or not. In the end, I end up by allowing user to import a self signed certificate into the app. The app would load such imported certificate for certificate verification similar to this In iOS, how to connect to a server using https with self-signed certificate on the server?. Hope that it would help others in this case.
looking at the first tutorial you linked to you should be able to use that or some more advanced form of that and once you have tested and have it working then all you have to do for a client to create and add their own certificate would be to override/replace the localhost.cer file in the apps folder where the file localhost.cer "or whatever name scheme you use" is located. there are many ways to do this but one could be telling the app a link where the certificate is online for download and once downloaded, then replace.
Any questions I'll try and help further but hopes this helps you in the right direction.
I'm currently learning to develop for iOS and reached the points where i want to play around with some push-notifications.
I was able to use the developing certificate to register the iPhone for Push-Notifications but now i want to establish a connection between my debian rootserver and the APNS (for the first try i'll connect to the sandbox-server).
Some tutorials showed me how to receive a certificate for my Mac but therefore I need a valid certificate for my server or am I wrong with this assumption?
As far as I know the APNS works with apple certificates only. In short:
Create an app id in provisioning portal
Enable it for push notifications
Generate certificates following the usual procedure.
Combine the generated certificate and private key into one .pem and us it in communicating with apple.
This tutorial was all I needed:
http://www.raywenderlich.com/3443/
I have a mobile app that will be communicating with my webserver over https. My question is, do I even need to worry about installing a certificate since all traffic to this api will be headless?
In my understanding, SSL provides the encryption for a request, and a certificate establishes trust for the end user. Because these calls to my webserver will essentially be headless, I'm thinking I don't need to worry about the trust establishment.
Am I correct in this thinking?
You will either need a self-signed certificate or a CA-signed certificate in order to use HTTPS on your server.
If your certificate is not assigned to you by a certificate authority, then any connection you make will trigger an error in your URLRequest that you will have to handle. The problem with an untrusted certificate is that a malicious man-in-the-middle could fake data to and from your server with his own self-signed certificate, and possibly pick up authentication credentials or data that he should not have access to.
If you are dealing with any authentication credentials or other private data, I'd recommend just requesting a signed certificate. If you shop around, you can find cheap signed certificates for $10-20 a year, which is a trivial cost to protect your users.
However, if this is just a personal project (the only data you have to worry about is yours), or any data that you will be sending is freely available, a self-signed certificate may be enough.
My application uses ASIHttpRequest for my server communication. I have a requirement that I should block HTTP protocol cos I dont wont to transmit that data over insecure link. So only SSL over HTTPS will be allowed. Also even thought the link is HTTPS I need to ensure that I am calling to the correct certificate. So I need a server certificate validation in my code. Please guide me how to do this.
I researched on this. I found few possible answers. One is to create a client certificate and do the validation. Also there are ways to "Client certificates support" under ASIHttpRequest documentation. So how to achieve my requirements above. Also integration of CFNetwork code into ASIHttpRequest will also do.
Regards,
Dilshan
You can get a validated certificate from an certificate authority like StartSSL or Thawte. Then iOS checks if the certificate is trusted by an authority. iOS comes with different trusted authorites.
If the server certificate is not validated by an authority the connection is rejected.
You don't need to do something special in code. Only use a https connection.