Invalid SSL Certificate error on iPod Touch - works for iPhone

We are developing an iOS application that connects to a server over HTTPS using NSURLConnection sendSynchronousRequest.
We are getting the following error on the iPod Touch 3.2. However, the exact same code does not give any error on iPhone 3.1.
Error message:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xx.xx.xxx.xxx” which could put your confidential information at risk
We are trying to connect to a server https://subdomain.domain.com and the certificate actually belongs only to https://domain.com. Could that be the reason for the above inconsistency? Any idea why it works on iPhone and not on the iPod Touch? The certificate is signed by GoDaddy. Could it be that the iPod Touch does not have GoDaddy's root certificate?
We need to find a way around this problem, preferably without using private APIs. Any help will be appreciated. Thanks.

We had almost this exact problem: A certificate error on a particular device running the same code that worked on multiple other devices. It turned out that this had to do with the internal date of the problem device not being current. Our SSL certificate was up to date, but the device was set outside the valid date range. It's worth checking because it could happen to anyone - even the iTunes app reviewer rejected the app for this reason. Luckily we were familiar with the issue, appealed and got a quick approval.
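The two causes raised in this thread (a certificate issued for domain.com being used for subdomain.domain.com, and a device clock outside the certificate's validity window) can be told apart with a check like the following. This is an added example, not code from the original posts; the sample certificate and dates are constructed, and the dict uses the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern, host):
    """RFC 6125-style match: '*' only as the whole left-most label, covering one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host, device_time):
    """Return the reasons a client with this clock would reject `cert` for `host`."""
    reasons = []
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in dns_names):
        reasons.append("hostname-mismatch")
    now = device_time.timestamp()
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    return reasons

# Constructed sample certificate (not taken from the thread).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "domain.com"), ("DNS", "www.domain.com")),
    "notBefore": "Jan  1 00:00:00 2010 GMT",
    "notAfter": "Jan  1 00:00:00 2012 GMT",
}

if __name__ == "__main__":
    good_clock = datetime(2011, 3, 1, tzinfo=timezone.utc)
    reset_clock = datetime(2001, 1, 1, tzinfo=timezone.utc)  # constructed: clock never set
    for host, clock in [("domain.com", good_clock),
                        ("subdomain.domain.com", good_clock),
                        ("domain.com", reset_clock)]:
        print(host, clock.date(), diagnose(SAMPLE_CERT, host, clock) or "ok")
```

A hostname mismatch fails on every device regardless of its clock, so a failure limited to one device points toward that device's date or trust store rather than the certificate's names.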

Related

iOS - Remote notification not working

I have a very unique situation here, I have to test devices with same specification. The application I have developed has push notification capability enabled. All configurations are done on the server side, i.e. added the device as a development device, the device is added into the provisioning profile, and the provisioning profile is installed on the phone and the development machine as well. Now the problem is that the application is installed on both devices; on one device everything works perfectly fine and the notification appears for every event, however on the other device it doesn't.
I tried everything, i.e. checking the settings on the device in case notifications are not allowed for some reason, or maybe some other setting. I compared all the settings on both devices and everything is the same.
The error I get on the server side is Bad Device Token for one device. I tried to delete the token from the server side and got it again; still the same situation, it works for one device but not for the other.
Any help or pointer would be really appreciated.

accessing iOS device SSL certificate

We are developing an iPhone app, and we have one client who wants to use their own SSL certificate bundle. As far as I know this is not possible since the app can't access the device cert (assuming the client just installs their own bundles on each of their devices). The other option is to submit a whole different app just for them, but that's not a good solution and I am trying to avoid that.
Does anyone have experience with these sorts of problems? I tried to google around but could not find anything.
Any help or direction would be much appreciated!

Distribute unsigned app iPhone

Is there any way to distribute an unsigned app through emails or internet?
I.e. itms-services://?action=download-manifest&url=URL_TO_PLIST.
Moreover, is it a security issue if it is possible to install an unsigned app on a jailbroken device?
Thank you.
I can't quite understand what you're trying to do here - if you're trying to install an app that is not on the App Store and also unsigned with the itms-services-protocol, you are out of luck, as that is strictly for iTunes and App Store-links.
The only way to distribute an app that is not on the App Store, is with the ipa-file, but that has to be signed as well (at least for unjailbroken devices).
You can do it in Cydia with a link like cydia://package/[package name]
However, security is really a question here. Not sure if there is any code review for the accepted packages.
Sorry if this is an extremely late response, but the question isn't closed yet, so I'm assuming you still need an answer. It is a security concern, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think that's much of a concern. If they jailbreak, they probably know what they're doing.
To answer the first part of your question, you can use ldid to pseudo-sign the app and then create an itms-services:// link that users tap to install. The only caveat to this option is that the iOS Device will contact oscp.apple.com & ax.init.itunes.apple.com to verify the app's signature. If you want to bypass this, you'll have to change the DNS settings of the iOS device using a mobile configuration file. Do this using Apple's iPhone Configuration Utility, which will generate a .mobileconfig with your specified settings. You won't have to generate a specific file for each device, so you can make one and you're done.
Anyways, back to the topic, jailbreaking doesn't remove the need for codesigning, it only removes the need for an app to be signed with Apple's certificate(s). itms-services:// is a bypass (for developers) of the same "need". Since Apple obviously doesn't want people who aren't developers just signing apps that aren't approved by Apple and installing them, they've implemented certificate checks. The signing-certificate is cross-checked with Apple's two servers. One of the servers (I don't know which) checks for "iPhone Developer:" in the name of the certificate. The other checks that it was signed by Apple's WWDRCA Certificate. If the iOS Device gets a response from either of the servers signifying that the app is "bad". If the iOS Device doesn't get a response, it will still install the app.
The way to go with this in order to bypass would be to clone a DNS server, and create a specific entry that will change the IP of these two servers to something (anything) else. That way, the Device will not get a response, and will install the application.
Modify the file SDKSettings.plist: make the code sign required value NO.
When building, select the project (not the target) -- Build Settings -- Code Signing Identity: Don't Code Sign.
Build; the resulting .ipa file can run on the jailbroken device.

Push notifications not receiving on device

I am using the APNS service in my universal app (iPhone/iPad) and I am not getting notifications on the device. Previously I was getting notifications perfectly, but nowadays, with the same code on the server side and the client, it is not working.
On the server side the notification status is delivered, but I am not receiving it on my device.
I have checked most of the questions on Stack Overflow but I was unable to find my question. One guy said that in the development environment it may have delays, but my problem is that I am not receiving notifications at all.
Note: I am using the sandbox environment, not production.
Just in case you haven't found a solution yet, one additional thing you could check is if your device's date and time is properly set (in the OS). If your iPod, iPhone or iPad isn't set to the current date, we found that notifications are ignored silently. Of course, there are many other possible explanations as to why your service stopped working, but this is a simple thing to check when everything else appears to be fine.
Following are the things you can check
Check the entitlements while codesigning the app. (They can be seen in Xcode build log).
Check whether notifications are on for the device in the settings menu.
If you are using corporate network on the iOS device, the push notifications might be blocked. Try using a different network.
After launching the app, check the organizer for any logs with the reason why push notifications can not be enabled.
I hope some of this helps you out.
I just revoked my certificates, uploaded new certificates, deleted all provisions from my organizer, and then created new provisions and installed them on my system.
At the same time I got my APNS working.

Cannot view Quicktime movies over HTTPS in Safari or UIWebView

I am trying to get my iPhone application to work with HTTPS in addition to HTTP, but using UIWebView or MPMoviePlayerController to view a Quicktime MOV file doesn't seem to work over HTTPS. I get "This movie could not be played". I tried in Safari to eliminate my app as being the problem, and the same thing happened. If I use HTTP, it works fine.
This thread has a similar discussion, but no resolution: http://discussions.apple.com/thread.jspa?messageID=12908818
I am not using self-signed certs; my machine has a registered SSL cert, and I pushed both the GoDaddy intermediate cert and the normal cert to my iPad (4.2.1) using iPhone configuration utility. I verified this works because Safari doesn't prompt me about the certificate when visiting the secured site, like it would before. I can view the movie over HTTPS using normal browsers such as FF or Safari on OSX, just not iOS. It also appears to work in the simulator as well, but I have tried both iPhone 4.1 and iPad 4.2.1.
Is there any workaround that will let me view video over HTTPS?
After experiencing the very same problem and symptoms, I was able to gain access to the Apple Developer Forum thread mentioned here.
The upshot of the Apple thread is that you must have a valid Intermediate Certificate installed on the server. It is not enough to have only the server certificate installed.
I have tested this with Mac OS X 10.6 Server. I installed the server certificate and while desktop browsers were able to stream a video over HTTPS, iOS devices (iPhone and iPad) both gave the "This movie could not be played" error.
Installing the Intermediate Certificate fixed the problem.
Other devices, like Android phones and tablets, and RIM PowerBook (via Flash) had no problems playing the video without the Intermediate Certificate. I suspect it is a case of iOS being overzealous with its security, a "Feature" if not a bug ;-)
I'm not a PKI expert, so I cannot tell you why this works. Perhaps another contributor can explain the PKI voodoo behind this.
Marking this as resolved. This parallel thread on apple dev. forums:
https://devforums.apple.com/message/361209#361209
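On why the intermediate certificate matters, as an added example that is not part of the original thread: a client has to build a path from the server's certificate to a root it already trusts, and a client that uses only what the server sent has no link to that root when the intermediate is missing. The sketch below models certificates as constructed (subject, issuer) name pairs and checks name chaining only, not signatures or validity dates.

```python
def build_path(served, trusted_roots, max_depth=8):
    """Walk issuer links from the leaf (served[0]) using only what the server sent.

    served: list of (subject, issuer) pairs in the order the server presents them.
    trusted_roots: set of root subject names in the client's trust store.
    Returns (path, missing): the subjects chained so far and, when the walk
    stops before reaching a trusted root, the issuer name nobody supplied.
    """
    by_subject = {subj: iss for subj, iss in served}
    subject, issuer = served[0]
    path = [subject]
    for _ in range(max_depth):  # bound the walk in case of issuer loops
        if issuer in trusted_roots:
            return path + [issuer], None
        if issuer not in by_subject or issuer == subject:
            return path, issuer  # gap, or an untrusted self-signed certificate
        subject, issuer = issuer, by_subject[issuer]
        path.append(subject)
    return path, issuer

# Constructed names; assumptions for illustration, not real CA subjects.
LEAF = "CN=video.example.test"
INTERMEDIATE = "CN=Example Intermediate CA (constructed)"
ROOT = "CN=Example Root CA (constructed)"
ROOTS = {ROOT}

LEAF_ONLY = [(LEAF, INTERMEDIATE)]                             # server cert only
WITH_INTERMEDIATE = [(LEAF, INTERMEDIATE), (INTERMEDIATE, ROOT)]

if __name__ == "__main__":
    for label, served in [("leaf only", LEAF_ONLY),
                          ("leaf + intermediate", WITH_INTERMEDIATE)]:
        path, missing = build_path(served, ROOTS)
        status = "complete" if missing is None else f"missing issuer: {missing}"
        print(f"{label}: {' -> '.join(path)} ({status})")
```

Clients that cache intermediates from earlier connections or fetch them on demand can hide this server misconfiguration, which fits the reports above of some clients playing the video while others refused.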