I read through the thread but it was hard to follow. I did go to the website referenced, which was very helpful (https://blog.arrogantrabbit.com/ssl/Root-CA-macOS/) but also needed to know how to deal with a wired iPhone vs a simulator or web page as I think Subject Alternate Name Extension becomes a factor and for that step in the CA creation it states:
Unchecked, Unless you have good reason to provide alternate names
Which this might be. Do you know? Would I use the Mac's local DNS name for this?
Post
Replies
Boosts
Views
Activity
If I'm trying to connect to a service running on my local MacBook on my local LAN and I have an iPhone connected to my MacBook, how do I reference the API services on my MacBook without using the IP? Can I use the IP or is it just bad practice? If I can, do I need to configure the CA or exported .p12 in some specific way to allow it? Otherwise, is there a way to call the connected MacBook with something other than the IP from the USB connected phone?
I think your local hostname is a little more creative than mine which is MacBook-Pro.local. My Use dynamic global hostname is off.
In creating the certificate from the authority do I leave the IPAddress: as 127.0.0.1 or use the ip on my LAN? I left it as 127.0.0.1 as neither the documentation or your response said I should change it to 10.0.0.5.
I got an error running this:
openssl pkcs12 -in certificate.p12 -out server.key -nodes
Here is the error:
Error outputting keys and certificates
40E24F0202000000:error:0308010C:digital envelope > routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
However, I am using this on Kestrel which seems to take the p12 or pfx.
I am getting this error:
Connection 4: default TLS Trust evaluation failed(-9813)
Connection 4: TLS Trust encountered error 3:-9813
Connection 4: encountered error(3:-9813)
Task .<2> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9813])
Task .<2> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “macbook-pro.local” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x105160a00) s: MacBook-Pro.local i: XXXXXXXXXXX Dev CA>",
"<cert(0x105150400) s: XXXXXXXXXX Dev CA i: XXXXXXXXXX Dev CA>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://macbook-pro.local:5001/api/TestAPI, NSErrorFailingURLStringKey=https://macbook-pro.local:5001/api/TestAPI, NSUnderlyingError=0x302a09620 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x30141fa20>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x105160a00) s: MacBook-Pro.local i: XXXXXXXXXX Dev CA>",
"<cert(0x105150400) s: XXXXXXXXXX Dev CA i: XXXXXXXXXX Dev CA>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask .<2>"
), _kCFStreamErrorCodeKey=-9813, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<2>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x30141fa20>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “macbook-pro.local” which could put your confidential information at risk.}