NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."

I just set up HTTPS on my server, and in Safari it shows I have a certificate with Let's Encrypt which is 2048 bits with SHA-256 RSA Encryption. For some reason, though, when I try to connect to my backend from my SwiftUI app it errors out with the following error:

2020-08-29 09:23:42.919885-0700 Sonar Music[1931:691071] ATS failed system trust
2020-08-29 09:23:42.919933-0700 Sonar Music[1931:691071] Connection 1: system TLS Trust evaluation failed(-9802)
2020-08-29 09:23:42.920184-0700 Sonar Music[1931:691071] Connection 1: TLS Trust encountered error 3:-9802
2020-08-29 09:23:42.920217-0700 Sonar Music[1931:691071] Connection 1: encountered error(3:-9802)
2020-08-29 09:23:42.921950-0700 Sonar Music[1931:691071] Task <AB6AE519-5FC7-4869-A0E1-0F535570980E>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
2020-08-29 09:23:42.927917-0700 Sonar Music[1931:691071] Task <AB6AE519-5FC7-4869-A0E1-0F535570980E>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x2818962e0>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
    "<cert(0x15489ba00) s: sonarmusic.social i: Let's Encrypt Authority X3>",
    "<cert(0x154873c00) s: Let's Encrypt Authority X3 i: DST Root CA X3>"
), NSUnderlyingError=0x2824101b0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x2818962e0>, kCFNetworkCFStreamSSLErrorOriginalValue=-9802, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x15489ba00) s: sonarmusic.social i: Let's Encrypt Authority X3>",
    "<cert(0x154873c00) s: Let's Encrypt Authority X3 i: DST Root CA X3>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey="Myurl", NSErrorFailingURLStringKey="myurl",NSErrorClientCertificateStateKey=0}

Error took place Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x2818962e0>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
    "<cert(0x15489ba00) s: sonarmusic.social i: Let's Encrypt Authority X3>",
    "<cert(0x154873c00) s: Let's Encrypt Authority X3 i: DST Root CA X3>"
), NSUnderlyingError=0x2824101b0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x2818962e0>, kCFNetworkCFStreamSSLErrorOriginalValue=-9802, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x15489ba00) s: sonarmusic.social i: Let's Encrypt Authority X3>",
    "<cert(0x154873c00) s: Let's Encrypt Authority X3 i: DST Root CA X3>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey="myurl", NSErrorFailingURLStringKey="myurl",NSErrorClientCertificateStateKey=0}


Why does Safari like the certificate but iOS won't use it???

Here is my code which was working before when I overrode the https requirement:

import Foundation
import Combine

// Classified and JsonResponse are the app's own Decodable types, defined elsewhere.
class ClassifiedsViewModel: ObservableObject {
    @Published private(set) var classifieds: [Classified] = []
    @Published private(set) var loaded = false

    func GetClassifieds() {
        // Prepare URL
        let url = URL(string: "my_url")
        guard let requestUrl = url else { fatalError() }

        // Prepare URL Request Object
        let request = URLRequest(url: requestUrl)

        // Perform HTTP Request (URLSession.shared applies the default ATS trust evaluation)
        let task = URLSession.shared.dataTask(with: request) { (data, response, error) in
            // Check for Error; a failed TLS trust evaluation is reported here as NSURLErrorDomain -1200
            if let error = error {
                print("Error took place \(error)")
                return
            }

            // Convert HTTP Response Data to a String
            if let data = data, let dataString = String(data: data, encoding: .utf8) {
                print("Response data string:\n \(dataString)")
                print(data)
                do {
                    let classifiedData = try JSONDecoder().decode(JsonResponse.self, from: data)
                    print(classifiedData.classifieds)
                    if classifiedData.success {
                        // Publish on the main queue so SwiftUI observers update safely
                        DispatchQueue.main.async {
                            self.classifieds = classifiedData.classifieds
                            print("classified \(self.classifieds)")
                        }
                    }
                } catch let error as NSError {
                    print("Failed to load: \(error.localizedDescription)")
                }
            }
        }
        task.resume()
    }
}


Turns out that I wasn't conforming to the requirement: "TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted."

In the long run it was an easy fix: certbot has a -d option to allow you to add your domain name to the cert. For me it was

certbot --nginx -d www.mydomain -d .mydomain


Also the nginx config file has to have the domain in it.

https://support.apple.com/en-us/HT210176
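
The requirement quoted in the answer, as an added example that is not part of the original post: a check that the host name an app connects to is listed as a DNS entry in the certificate's Subject Alternative Name, ignoring CommonName entirely. The certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the host names are placeholders, and the wildcard handling goes slightly beyond the case in the post.

```python
# Added example. Sample certificates below are constructed, not taken from the post.

def _name_matches(pattern: str, host: str) -> bool:
    """Compare one SAN dNSName with a host name, label by label.
    '*' is honoured only as the entire left-most label; partial wildcards are literal."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs a real domain after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def dns_sans(cert: dict) -> list:
    """DNS entries of the subjectAltName extension (empty if the extension is absent)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def san_covers(cert: dict, host: str) -> bool:
    """True only if a SAN DNS entry matches; the subject CommonName is never consulted."""
    return any(_name_matches(name, host) for name in dns_sans(cert))

def diagnose(cert: dict, host: str) -> str:
    """Classify why a client that requires SAN matching would accept or reject the name."""
    if san_covers(cert, host):
        return "ok"
    if not dns_sans(cert):
        return "no-dns-san"        # name may be in CommonName only, which is not trusted
    return "host-not-listed"       # SAN exists but this name was never requested for it

# Constructed samples (placeholder domain example.test).
CN_ONLY = {"subject": ((("commonName", "www.example.test"),),)}
APEX_ONLY = {"subject": ((("commonName", "example.test"),),),
             "subjectAltName": (("DNS", "example.test"),)}
BOTH = {"subject": ((("commonName", "example.test"),),),
        "subjectAltName": (("DNS", "example.test"), ("DNS", "www.example.test"))}
WILDCARD = {"subjectAltName": (("DNS", "*.example.test"),)}

if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY), ("apex only", APEX_ONLY),
                        ("apex + www", BOTH), ("wildcard", WILDCARD)]:
        print(f"{label:12} www.example.test -> {diagnose(cert, 'www.example.test')}")
```

Each name passed to certbot with `-d` becomes one SAN DNS entry, so every host name the app uses has to appear in that list.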