Hi,
I just set up a new domain and got the SSL certificate using GoCert. I used Nginx to set up a reverse proxy so that my domain points to my VM instance (which I am hosting on GCP). However, I am getting this problem where when my front end sends an HTTP request to my domain, the app complains and crashes because of an SSL error.
For now I am able to mask this error by putting this in my info.plist:
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
        ...
Having this in the info.plist file works. But, I was wondering if there was anything that I can do so that I don't need to include this? I am new to app development and network programming and was wondering if anyone had suggestions for what to do or what this means. Would it be because of GoCert?
There are two approaches I generally recommend:
- If you’re building a real server, have a proper CA issue it a cert. Networking Resources has links to the Apple Support articles describing Apple’s default TLS server trust evaluation policy.
- If you’re building a test server, create a custom CA and install its root on the device. See QA1948 HTTPS and Test Servers. I generally create the CA and have it issue certs using Apple tools [1], but it sounds like you have that under control.
Neither of these requires you to disable ATS.
The only situation where I generally encourage folks to disable ATS is when talking to an accessory. See TLS For Accessory Developers.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Per Technote 2326 Creating Certificates for TLS Testing.
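
A server-side check to go with the advice above, as an added example that is not part of the original thread or any Apple tool: it handshakes with the server and lists why the connection would fall short of the documented ATS defaults (trusted chain, TLS 1.2 or later, forward-secret cipher). The function names and sample data are hypothetical, Python's local CA bundle is assumed to stand in for Apple's trust store, and certificate key size and signature hash are not checked.

```python
import socket
import ssl

ATS_VERSIONS = {"TLSv1.2", "TLSv1.3"}  # ATS default: TLS 1.2 or later


def probe(host, port=443, timeout=5.0):
    """Handshake with host:port and record the outcome (needs network access)."""
    # Assumption: Python's local CA bundle stands in for Apple's trust store.
    ctx = ssl.create_default_context()  # verifies chain and hostname
    result = {"trusted": True, "trust_error": None, "version": None, "cipher": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result["version"] = tls.version()
                result["cipher"] = tls.cipher()[0]
    except ssl.SSLCertVerificationError as exc:
        result["trusted"] = False
        result["trust_error"] = exc.verify_message
    return result


def ats_findings(result):
    """List the reasons a probe result falls short of the ATS defaults."""
    if not result["trusted"]:
        # The handshake stopped at trust evaluation, so nothing else is known.
        return ["certificate not trusted: %s" % result["trust_error"]]
    findings = []
    if result["version"] not in ATS_VERSIONS:
        findings.append("protocol %s is below TLS 1.2" % result["version"])
    # TLS 1.3 suites are always forward secret; TLS 1.2 needs an ECDHE suite.
    cipher = result["cipher"] or ""
    if result["version"] != "TLSv1.3" and not cipher.startswith("ECDHE-"):
        findings.append("cipher %s is not an ECDHE suite" % cipher)
    return findings


# Constructed probe results, so the checks can be exercised offline.
SAMPLES = {
    "good": {"trusted": True, "trust_error": None,
             "version": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256"},
    "untrusted_issuer": {"trusted": False, "version": None, "cipher": None,
                         "trust_error": "unable to get local issuer certificate"},
    "legacy": {"trusted": True, "trust_error": None,
               "version": "TLSv1.1", "cipher": "AES128-SHA"},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, ats_findings(sample) or "meets the checked ATS defaults")
```

Pass the result of `probe()` for the domain behind the Nginx proxy to `ats_findings()`; an empty list means the three checked conditions hold, so the `NSAllowsArbitraryLoads` override is not what makes the connection succeed.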