ios ubuntu ssl https

SSL certificate failure in iOS only


I have a simple app sending data to a web service (Ubuntu / Node.js / JavaScript). Everything worked when using HTTP (although an HTTPS setup issue may still be the problem). The problem appears to relate to the SSL server certificate on the Ubuntu server and the fact that Apple does not accept that it is secure. However, I have no problem with the equivalent Android app or web browser connections to the same REST API web services. There are numerous posts on these problems on Apple and other forums, but none have helped me successfully address the issue.

I ran an SSL server test on https://www.ssllabs.com/ssltest/ which gives ratings for SSL sites. The test gave an A rating, although a number of minor issues were shown that may be crucial to the iOS failure. Some Sectigo certificates said self-signed, which I couldn't understand.

Error message from the Xcode log attached:

2025-09-10 10:28:01.725091+0100 locateandclock[2291:1585213] ATS failed system trust 
2025-09-10 10:28:01.725192+0100 locateandclock[2291:1585213] Connection 1: system TLS Trust evaluation failed(-9802) 
2025-09-10 10:28:01.725291+0100 locateandclock[2291:1585213] Connection 1: TLS Trust encountered error 3:-9802 
2025-09-10 10:28:01.725352+0100 locateandclock[2291:1585213] Connection 1: encountered error(3:-9802) 
2025-09-10 10:28:01.726727+0100 locateandclock[2291:1585213] Task <4E41098F-6B71-4FB8-8753-78DD32961812>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802]) 
2025-09-10 10:28:01.736504+0100 locateandclock[2291:1585213] Task <4E41098F-6B71-4FB8-8753-78DD32961812>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=( 
    "<cert(0x10681be00) s: *.xxxxxxxxxxx.co.uk i: Sectigo Public Server Authentication CA DV R36>",
    "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>",
    "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" ),
NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xxxxxxxxxxxx.co.uk/insertclocking, NSErrorFailingURLStringKey=https://xxxxxxxxxxxx.co.uk/insertclocking, NSUnderlyingError=0x282361650 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281cf4460>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=( 
    "<cert(0x10681be00) s: *.xxxxxxxxxxxxxco.uk i: Sectigo Public Server Authentication CA DV R36>", 
    "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", 
    "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" )}},
 _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <4E41098F-6B71-4FB8-8753-78DD32961812>.<1>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <4E41098F-6B71-4FB8-8753-78DD32961812>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281cf4460>,
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

I then changed the iOS settings by setting NSAllowsArbitraryLoads to remove ATS (a test, not a solution). The error message changes to the following; however, I'm not sure what that tells me.

Any ideas???

2025-09-12 12:33:32.650932+0100 locateandclock[2832:2071478] Connection 2: default TLS Trust evaluation failed(-9813) 
2025-09-12 12:33:32.651119+0100 locateandclock[2832:2071478] Connection 2: TLS Trust encountered error 3:-9813 
2025-09-12 12:33:32.651175+0100 locateandclock[2832:2071478] Connection 2: encountered error(3:-9813) 
2025-09-12 12:33:32.706852+0100 locateandclock[2832:2071478] Task <C3EFDBE5-89D2-4948-A3F5-A731FDFFB47F>.<2> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9813])
2025-09-12 12:33:32.723928+0100 locateandclock[2832:2071541] Task <C3EFDBE5-89D2-4948-A3F5-A731FDFFB47F>.<2> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxxxxxxxx.co.uk” which could put your confidential information at risk." 
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( 
    "<cert(0x10881e600) s: *.xxxxxxxxxxxx.co.uk i: Sectigo Public Server Authentication CA DV R36>", 
    "<cert(0x10881f000) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", 
    "<cert(0x10881fa00) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" ),
NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xxxxxxxxxxxxx.co.uk/insertclocking, NSErrorFailingURLStringKey=https://xxxxxxxxxxxxx.co.uk/insertclocking, NSUnderlyingError=0x282a1a0d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x2815745a0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=( 
    "<cert(0x10881e600) s: *.xxxxxxxxxxxxx.co.uk i: Sectigo Public Server Authentication CA DV R36>", 
    "<cert(0x10881f000) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", 
    "<cert(0x10881fa00) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <C3EFDBE5-89D2-4948-A3F5-A731FDFFB47F>.<2>" ), _kCFStreamErrorCodeKey=-9813, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <C3EFDBE5-89D2-4948-A3F5-A731FDFFB47F>.<2>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x2815745a0>, 
NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxxxxxx.co.uk” which could put your confidential information at risk.}

Solution

  • After contacting Sectigo, I had to install a CA bundle with a cross-signed intermediate chain certificate AND delete the new root certificate on the server. That did the job. Thanks to all who helped.
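
The peer chain that iOS prints in NSErrorPeerCertificateChainKey can be audited offline to see which trust anchor the device is being asked to have. The following is an added example, not part of the original post: it parses `s:` / `i:` lines in that format, checks chain order in general (beyond the one case in the log), and flags a self-signed root sent by the server. The function names `parseChain` and `auditChain` and the host `example.co.uk` are assumptions made for illustration.

```javascript
// Added example. Sample lines are constructed in the format of the Xcode log above;
// "example.co.uk" is a placeholder host.
const sampleLog = `
  "<cert(0x10681be00) s: *.example.co.uk i: Sectigo Public Server Authentication CA DV R36>",
  "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>",
  "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" ),
  kCFStreamPropertySSLPeerCertificates=(
  "<cert(0x10681be00) s: *.example.co.uk i: Sectigo Public Server Authentication CA DV R36>",
`;

// Return [{subject, issuer}] in the order sent. The log prints the chain twice
// (same object addresses), so entries are de-duplicated by address.
function parseChain(logText) {
  const re = /<cert\((0x[0-9a-f]+)\) s: (.+?) i: (.+?)>/gi;
  const seen = new Set();
  const chain = [];
  for (const [, addr, subject, issuer] of logText.matchAll(re)) {
    if (seen.has(addr)) continue;
    seen.add(addr);
    chain.push({ subject: subject.trim(), issuer: issuer.trim() });
  }
  return chain;
}

// Report structural problems and name the anchor the client must already trust.
function auditChain(chain) {
  const findings = [];
  if (chain.length === 0) return { findings: ['no certificates in log'], requiredAnchor: null };
  chain.forEach((cert, i) => {
    const next = chain[i + 1];
    if (cert.subject === cert.issuer) {
      findings.push(i === 0 ? 'leaf is self-signed'
                            : `self-signed root sent by server at position ${i}: ${cert.subject}`);
      if (next) findings.push(`certificate after the root at position ${i + 1}`);
    } else if (next && next.subject !== cert.issuer) {
      findings.push(`position ${i + 1} is not the issuer of position ${i}`);
    }
  });
  // A root the server sends carries no trust of its own; the client looks up
  // the last issuer name in its local trust store.
  return { findings, requiredAnchor: chain[chain.length - 1].issuer };
}

console.log(auditChain(parseChain(sampleLog)));
```

Run against a chain served with a cross-signed copy of the last certificate and no root, `requiredAnchor` becomes the cross-signer's name, which is the anchor the device then has to hold.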