System.Net.WebException: An SSL error has occurred and a secure connection to the server cannot be made

Question

Already found the same thread here, but that not resolved my problem.

I have added NSAppTransportSecurity and NSAllowsArbitraryLoads in info.plist.

Screenshot:

Added the below codes from this article.

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>pm-admin.smartwcm.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowInsecureHTTPSLoads</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
                <key>NSThirdPartyExceptionAllowInsecureHTTPSLoads</key>
                <false/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
            </dict>
        </dict>
    </dict>

I am using HTTP REST APIs. When running the project I am getting the following exception:

System.Net.WebException: An SSL error has occurred and a secure connection to the server cannot be made. ---> Foundation.NSErrorException: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?

Am I missing something or do anything wrong?

Answer 1

Cause: Since iOS 9, iOS will only allow your application to communicate with servers that implement best-practice security by default. Values must be set in Info.plist to enable communication with insecure servers.It seems that you only AllowInsecureHTTPSLoads but forget to add AllowsInsecureHTTPLoads

Solution: Add the following code in your info.plist to trust your domain.

<key>NSAppTransportSecurity</key>
 <dict>
 <key>NSExceptionDomains</key>
 <dict>
  <key>pm-admin.smartwcm.com</key>
  <dict>       
   <key>NSExceptionRequiresForwardSecrecy</key>
   <false/>
   <key>NSExceptionAllowsInsecureHTTPLoads</key>
   <true/>
   <key>NSIncludesSubdomains</key>
   <true/>
   ...... 
  </dict>
 </dict>

Here is a similar issue that you can refer.

Answer 2

Because you must to use certificate.

class ViewController: UIViewController, URLSessionDelegate,URLSessionTaskDelegate {

var urlSession: Foundation.URLSession!

  override func viewDidLoad() {
        super.viewDidLoad()
        urlSession = URLSession(configuration: URLSessionConfiguration.default, delegate: self, delegateQueue: nil)
}

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

        let serverTrust = challenge.protectionSpace.serverTrust
        let certificate = SecTrustGetCertificateAtIndex(serverTrust!, 0)
        let policies = NSMutableArray();
        policies.add(SecPolicyCreateSSL(true, (challenge.protectionSpace.host as CFString)))
        SecTrustSetPolicies(serverTrust!, policies);
        var result: SecTrustResultType = SecTrustResultType(rawValue: 0)!
        SecTrustEvaluate(serverTrust!, &result)
        let isServerTrusted:Bool = (result == SecTrustResultType.unspecified || result == SecTrustResultType.proceed)
        let remoteCertificateData:NSData = SecCertificateCopyData(certificate!)
        let pathToCert = Bundle.main.path(forResource: "certificateName", ofType: "crt")
        let localCertificate:NSData = NSData(contentsOfFile: pathToCert!)!
        let credential:URLCredential = URLCredential(trust: serverTrust!)
        completionHandler(.useCredential, credential)

    }


}