I am trying to display an image that is stored on an Amazon S3 Bucket. The URL is something like https://s3.amazon.com/..../test.jpg. Whenever I do this on the iPhone simulator, the image is displayed properly. However, if I test it on the actual device itself, I keep getting:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “s3.amazonaws.com” which could put your confidential information at risk." UserInfo=0x20007030 {NSErrorFailingURLStringKey=https://s3.amazonaws.com/.../test.jpeg, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://s3.amazonaws.com/.../test.jpeg, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “s3.amazonaws.com” which could put your confidential information at risk., NSUnderlyingError=0x20014d40 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “s3.amazonaws.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x1edd98a0>}
I was getting the same certificate error from S3, and found adding this to the NSURLConnectionDelegate fixed the problem:
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] &&
[challenge.protectionSpace.host hasSuffix:@"example.com"])
{
// accept the certificate anyway
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
else
{
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
}
NOTE: You'll need to change 'example.com' to a domain you trust, or use a more sophisticated mechanism than 'hasSuffix'.
FYI Apple Technote TN2232 "HTTPS Server Trust Evaluation" goes into much of the detail about why the certificate was rejected and how to handle it: https://developer.apple.com/library/ios/technotes/tn2232/_index.html
Thanks to Gordon Henriksen for answering this at https://stackoverflow.com/a/2033823/235229, but using an older api.