Hello,
I'm trying to set up SSL pinning with AFNetworking 2.5.4 (with a Comodo certificate), but when I set securityPolicy.validatesCertificateChain = true it doesn't work.
I grab my certificate (CER) from the server.
openssl s_client -connect example.com:443 -showcerts
Grab the output between the first -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and save it to example.pem
Convert from PEM to CER (DER):
openssl x509 -outform der -in example.pem -out example.cer
Then I add example.cer to my Xcode project and add it to the 'Copy Bundle Resources' build phase. My security policy is:
let securityPolicy = AFSecurityPolicy(pinningMode: AFSSLPinningMode.PublicKey)
let certificatePath = NSBundle.mainBundle().pathForResource("example", ofType: "cer")!
let certificateData = NSData(contentsOfFile: certificatePath)!
securityPolicy.pinnedCertificates = [certificateData];
securityPolicy.validatesDomainName = true
securityPolicy.allowInvalidCertificates = false
securityPolicy.validatesCertificateChain = false
manager.securityPolicy = securityPolicy
With this, SSL pinning works, but I don't want to validate only the leaf certificate, so I change:
securityPolicy.validatesCertificateChain = true
But that configuration throws the following error:
Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
I have read that if securityPolicy.validatesCertificateChain = true I must enter the entire SSL certificate chain, but I do not know how to generate it.
I tried the following code, but it does not work (I get the same error):
openssl s_client -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -outform DER > example.cer
How do I get the entire SSL certificate chain to add to Xcode?
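
An added example, not part of the original post: `openssl x509` reads only the first certificate from its input, so the pipeline above converts just the leaf. This sketch splits `-showcerts` output into one file per certificate and converts each to DER. The function names, the `chain` directory and the sample text are assumptions made for the example, and the sample blocks are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# split_chain DIR: read `openssl s_client -showcerts` output on stdin and write
# each certificate to DIR/cert-N.pem (cert-0 is the leaf). Prints the count.
split_chain() {
    dir=$1; n=0; inside=0
    mkdir -p "$dir" || return 1
    while IFS= read -r line; do
        case $line in
            "-----BEGIN CERTIFICATE-----"*)
                inside=1; out="$dir/cert-$n.pem"; : > "$out" ;;
        esac
        if [ "$inside" -eq 1 ]; then printf '%s\n' "$line" >> "$out"; fi
        case $line in
            "-----END CERTIFICATE-----"*)
                inside=0; n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# pems_to_der DIR: convert every DIR/cert-N.pem to DIR/cert-N.cer (DER).
pems_to_der() {
    for pem in "$1"/cert-*.pem; do
        [ -e "$pem" ] || continue
        openssl x509 -in "$pem" -outform der -out "${pem%.pem}.cer" || return 1
    done
}

# Constructed stand-in for -showcerts output (placeholder bodies, not valid).
sample_showcerts() {
    cat <<'EOF'
Certificate chain
 0 s:/CN=example.com
   i:/CN=Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
AAAAconstructedleafAAAA
-----END CERTIFICATE-----
 1 s:/CN=Constructed Intermediate CA
   i:/CN=Constructed Root CA
-----BEGIN CERTIFICATE-----
AAAAconstructedintermediateAAAA
-----END CERTIFICATE-----
---
Server certificate
EOF
}

# Against the real server (needs network access):
#   openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null \
#     | split_chain chain && pems_to_der chain
```

`-showcerts` lists only the certificates the server sends, in the order it sends them, and that list often omits the root CA certificate.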