iOS 11.3 issue : The certificate for this server is invalid

We are sending one get API call request to fetch user profile data. As of now this request is working fine till iOS 11.2 version. We updated Xcode to 9.4.1 and ran application with iOS 11.3 but it fails with below error :


Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be ““Server URL” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600000305e80>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, NSErrorPeerCertificateChainKey=(

"<cert(0x7f8d6a1ce200) s: *“Server URL: GeoTrust SSL CA - G3>",

"<cert(0x7f8d6a0dca00) s: GeoTrust SSL CA - G3 i: GeoTrust Global CA>"

), NSUnderlyingError=0x608000657100 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600000305e80>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(

"<cert(0x7f8d6a1ce200) s: *API path: GeoTrust SSL CA - G3>",

"<cert(0x7f8d6a0dca00) s: GeoTrust SSL CA - G3 i: GeoTrust Global CA>"

)}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “Server URL” which could put your confidential information at risk., NSErrorFailingURLKey=, NSErrorFailingURLStringKey="API path", NSErrorClientCertificateStateKey=0}


Could anyone please help to resolve this issue ? Could not figure out why this request is failing iOS 11.3 onwards ?

Up vote post of amolPictPune Down vote post of amolPictPune
4.6k views
Posted by
amolPictPune
Reply
Add a Comment

Replies

i have the same issue using "https:// 192.168.0.33 "any ideas
Posted by
Simone Pasetto
Post not yet marked as solved Up vote reply of Simone Pasetto Down vote reply of Simone Pasetto
Add a Comment
I have same issue
Posted by
lunchDC
Up vote reply of lunchDC Down vote reply of lunchDC
Add a Comment
For local and remote IP based hosts, a remote TLS certificate cannot be verified because of issues verifying SubjectName information on the certificate against IP based hosts. To resolve this, move to a hostname connection and certificate on the remote side and this issue should go away.

The original question does not exactly look like an IP based host issue though. The original question looks like a chain of trust issue from the leaf to the root. To know for sure, I would have to take a deeper look. You can open a TSI and I can look at what is exactly happening here.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton

  • I'm getting this same error from TV.app, whenever I try to play anything downloaded from iTunes. The domain it is complaining about is experiments.apple.com. Both nscurl and Chrome assert that the certificate is valid, with a root of AAA Certificate Services. This hang is repeatable, including across reboots.

    MrJoy
Add a Comment