在iOS7 GM中接收SSL错误 - “AddTrust External CA Root”不信任? [英] Receiving SSL error in iOS7 GM - "AddTrust External CA Root" is not trusted?
问题描述
我在NSURLConnection课程中收到了一个SSL错误,突然来自iOS7 GM。
我无法访问任何API或webView页面,并且是一个严重的紧急情况。
I am receiving a SSL error in my NSURLConnection class, suddenly from iOS7 GM. I cannot access any of my APIs or webView pages, and is a severe emergency.
有人可以帮我吗?
错误如下:
NSURLConnection / CFURLConnection HTTP加载失败(kCFStreamErrorDomainSSL,-9813)
NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
我查了一下错误,解释如下:
I've looked up the error, and it is explained as follows:
errSSLNoRootCert = -9813,/ *证书链未经root验证* /
errSSLNoRootCert = -9813, /* cert chain not verified by root */
我的根证书域名(通过浏览器访问确认)
My root certificate for my domain (confirmed via browser access) is
AddTrust外部CA根。
这不太可能不受信任,因为:
It is very unlikely that this is not trusted, because:
-
此根证书甚至列在iOS5和6中:受信任的根证书列表。
http://support.apple.com/kb/ht5012
此错误从未出现在iOS6之前,甚至直到iOS7 beta 6.
它突然出现在iOS7 GM中。
This error has never appeared anytime up to iOS6, and even until iOS7 beta 6. It suddenly appeared in iOS7 GM.
我的浏览器告诉我它是一个值得信赖的证书。
My browser tells me that it is a trusted certificate.
我的证书的到期日期没有问题。
There are no problems with expiration dates for my certificate.
我想知道这是否是操作系统中的错误,或者我是否需要购买不同根证书,
或其他地方是否存在问题。
PS我的NSURLConnection没有用于处理身份验证质询的代码。
P.S. I have no code around my NSURLConnection for handling authentication challenges.
推荐答案
尝试将中间证书添加到(API)Web服务器配置中。大多数情况下,它们会与您的真实证书一起发送。
Try adding the intermediate certificates to your (API's) web server configuration. Most times they are sent along with your real certificate.
可能是iOS知道(并信任)根证书,但是一个(或多个)中间证书(在您的实际证书和真实证书之间)是未知的。通过添加它们,iOS可以确定证书和根证书之间的链实际存在。
It might be that iOS knows (and trusts) the root certificate, but that one (or more) intermediate certificates (between your actual certificate and the real certificate) aren't known. By adding them, iOS can figure out that the chain between your certificate and the root certificate actually exists.
这篇关于在iOS7 GM中接收SSL错误 - “AddTrust External CA Root”不信任?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
