SWIFT: server certificate does NOT include an ID which matches the server name

Question

Created Jul ’24

Replies 25

Boosts 1

Views 2.6k

Participants 2

I'm working on MBP OSX Ventura 13.5.2 I'm working with Swift 5 (Xcode 15.2) I have a local httpd configured with vhosts. I create my local certs using mkcert.

When I visit the https://example site with Chrome the certificate is perfectly valid and there are no issues.

When I try and contact the same site using a DataCallBack function to the URL I get the error "server certificate does NOT include an ID which matches the server name"

In the log:

Connection 1: default TLS Trust evaluation failed(-9807)
Connection 1: TLS Trust encountered error 3:-9807
Connection 1: encountered error(3:-9807)

Answered by DTS Engineer in 802047022

So I dragged my CA root certificate (JacarandaCA.p12) to the simulator

That’s not right. You don’t want to install the digital identity, but rather just the certificate.

I ran through these steps today, just to be sure, and things are still working for me. Here’s what I did:

Using Xcode 16.0b6 on macOS 14.6.1, targeting the iOS 18.0b7 simulator…
Create a new app project from the iOS > App template.
Add a Test button and wire it up to the test function; the code for that is at the end of this post.
Build and run it on the simulator.
In the simulator, tap the app’s Test button. It logs:
```
will run task
did not run task, error: NSURLErrorDomain / -1200
```
As expected, the app can’t access https://www.cacert.org because its certificate was not issued by a trusted root.
Stop the app.
On the Mac, go to the CAcert website http://www.cacert.org/index.php?id=3 and download Root Certificate (DER Format). That yields a file called root_X0F.der.
Drag that into the simulator.
In the simulator, there’s an alert saying “This website is trying to download a configuration profile. Do you want to allow this?” Tap Allow.
There’s a second alert saying “Profile Downloaded; Review the profile in the Settings app if you want to install it.” Tap Close.
Still in the simulator, launch Settings.
There’s now a Profile Downloaded entry. Tap it.
Run through the install process.
Once you’re done, navigate to Settings > About > Certificate Trust Settings and enable CA Cert Signing Authority.
Back in Xcode, run the app again.
And in the app, tap the Test button again. It prints:
```
will run task
did run task, status: 200, bytes: 15280
```
The app is now able to access https://www.cacert.org because the CAcert root is installed in the simulator.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

func test() async {
    do {
        print("will run task")
        let url = URL(string: "https://www.cacert.org")!
        let request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalCacheData, timeoutInterval: 60.0)
        let (data, response) = try await URLSession.shared.data(for: request)
        let httpResponse = response as! HTTPURLResponse
        print("did run task, status: \(httpResponse.statusCode), bytes: \(data.count)")
    } catch let error as NSError {
        print("did not run task, error: \(error.domain) / \(error.code)")
    }
}