Reply to SWIFT: server certificate does NOT include an ID which matches the server name
Hi Quinn

Sorry for the break - I've been on holiday.

So I went through all 137 steps using the Certificate Assistant to create the Root CA and then the SSL server certificate for my domain (xpedite.local). I was very careful to follow the instructions to the letter. I converted both certificates to Base64, appended the RootCA to the xpedite.crt and added the crt and key to my vhosts file.

Browsing to the website didn't work. I then used the KeyChain to "Always trust" the Root CA (this didn't happen by default, and the images from the article showed the same issue all the way through). Browsing to the website now works.

Using my Swift app (in the simulator) still fails with the same error (below).

    Connection 1: default TLS Trust evaluation failed(-9813)
    Connection 1: TLS Trust encountered error 3:-9813
    Connection 1: encountered error(3:-9813)
    Task <01D12F73-55BB-4C12-8FD6-3510D284C9FF>.<1> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9813])
    Task <01D12F73-55BB-4C12-8FD6-3510D284C9FF>.<1> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xpedite.local” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
        "<cert(0x102832400) s: Xpedite Software i: JacarandaCA2>",
        "<cert(0x102832c00) s: JacarandaCA2 i: JacarandaCA2>"

I haven't really made any progress. Hoping you can help me get over this very annoying hurdle.

Cheers
Murray
Topic: Privacy & Security SubTopic: General Tags:
Aug ’24
Reply to SWIFT: server certificate does NOT include an ID which matches the server name
Hi Quinn

mkcert = 3 steps to create a certificate
Certificate Assistant = 137 steps to create a certificate

I have used the Certificate Assistant before (like 10 years ago), and it took a while to step through but it did work. Obviously the mkcert was very attractive as it is so much quicker.

I will try the Certificate Assistant and hopefully get a better result.

Cheers
Murray
Topic: Privacy & Security SubTopic: General Tags:
Aug ’24
Reply to SWIFT: server certificate does NOT include an ID which matches the server name
Hi Quinn

If it were only that easy!

I used mkcert to create a CAROOT certificate and a certificate for my web server. The CAROOT is installed in the key chain, and trusted. The certificate for the web server (https://xpedite) is installed in vhosts

    ServerName xpedite
    ServerAdmin murray@focus-computing.com.au
    DocumentRoot "/Users/murraycollingwood/dev/xpedite/xpedite-website/build"
    DirectoryIndex index.php ui/home.php home.php
    <Directory />
        Options -Indexes
        Require all granted
    </Directory>
    ErrorLog "/Users/murraycollingwood/dev/xpedite/xpedite-website/error.log"
    CustomLog "/Users/murraycollingwood/dev/xpedite/xpedite-website/access.log" combined
    SSLEngine on
    SSLCertificateFile /Users/murraycollingwood/local-cert/xpedite.pem
    SSLCertificateKeyFile /Users/murraycollingwood/local-cert/xpedite-key.pem
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    </VirtualHost>

From Chrome when I visit the website it looks fine.

Even after all this I'm still getting the same errors.

    Connection 1: default TLS Trust evaluation failed(-9807)
    Connection 1: TLS Trust encountered error 3:-9807
    Connection 1: encountered error(3:-9807)
    Task <372F75AC-F140-426B-B324-F566412E9712>.<1> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9807])
    Task <372F75AC-F140-426B-B324-F566412E9712>.<1> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xpedite” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
        "<cert(0x10404c200) s: murraycollingwood@192-168-1-20.tpgi.com.au (Murray Collingwood) i: mkcert murraycollingwood@kohekohe.local (Murray Collingwood)>"
    ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xpedite/rx/rx.php, NSErrorFailingURLStringKey=https://xpedite/rx/rx.php, NSUnderlyingError=0x600000c60330 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600003305180>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
        "<cert(0x10404c200) s: murraycollingwood@192-168-1-20.tpgi.com.au (Murray Collingwood) i: mkcert murraycollingwood@kohekohe.local (Murray Collingwood)>"
    )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
        "LocalDataTask <372F75AC-F140-426B-B324-F566412E9712>.<1>"
    ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <372F75AC-F140-426B-B324-F566412E9712>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600003305180>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xpedite” which could put your confidential information at risk.}

I have the name 'xpedite' in my /etc/hosts:

    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting. Do not change this entry.
    ##
    127.0.0.1 localhost jacaranda sobs flat isolink xpedite
    255.255.255.255 broadcasthost
    ::1 localhost xpedite

I feel like I'm missing a step here, but I'm not sure where it is. Hoping you can help.

Cheers
Murray
Topic: Privacy & Security SubTopic: General Tags:
Aug ’24
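The host name check that the thread title refers to can be reproduced offline. The script below is an added example, not part of the original posts: it builds a throwaway CA and leaf certificate (both constructed here, nothing from the thread) and verifies the leaf for a given host name. It assumes the OpenSSL command line tool is on the PATH; `check_name` is a hypothetical helper name.

```shell
#!/bin/sh
# check_name HOST SAN
#   Issues a constructed leaf whose subjectAltName is SAN from a constructed
#   root, then verifies it for HOST.
#   Returns 0 = chain and name verify, 1 = verification rejected, 3 = setup failed.
check_name() {
    host=$1; san=$2
    d=$(mktemp -d) || return 3
    (
        cd "$d" || exit 3
        # Throwaway root CA, standing in for the locally created root.
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed Test Root" \
            -keyout ca.key -out ca.pem || exit 3
        # Leaf key and CSR. The subject carries no host name on purpose,
        # so only the subjectAltName entries can satisfy the name check.
        openssl req -newkey rsa:2048 -nodes -subj "/O=Constructed Leaf" \
            -keyout leaf.key -out leaf.csr || exit 3
        printf 'subjectAltName=%s\n' "$san" > ext.cnf
        openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 2 -extfile ext.cnf -out leaf.pem || exit 3
        # Chain validation plus host name match in one step.
        openssl verify -CAfile ca.pem -verify_hostname "$host" leaf.pem || exit 1
    ) >/dev/null 2>&1
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# "xpedite" and "xpedite.local" are different identities: a certificate
# issued for one does not verify for the other.
for san in DNS:xpedite DNS:xpedite.local; do
    if check_name xpedite "$san"; then
        echo "host xpedite, SAN $san: accepted"
    else
        echo "host xpedite, SAN $san: rejected"
    fi
done
```

To run the same check on a real pair, use `openssl verify -CAfile <root CA> -verify_hostname xpedite <server cert>`; for mkcert the root is `rootCA.pem` in the directory printed by `mkcert -CAROOT`.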
Reply to SWIFT: server certificate does NOT include an ID which matches the server name
Hi Quinn

Thanks for your assistance, I appreciate it.

The "DataCallBack" is my function used to send a request to a web server and handle the response.

    let URL = NSURL(string: serverUrl)!
    var urlRequest = URLRequest(url: URL as URL)
    urlRequest.httpMethod = "POST"
    urlRequest.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    urlRequest.setValue("keep-alive", forHTTPHeaderField: "Connection")
    urlRequest.httpBody = formData.data(using: String.Encoding.utf8)

    // This is the call to the server - response is handled by a closure
    let task = Singleton.shared.getUrlSession().dataTask(with: urlRequest) { (data, response, error) in
        ....
    }

Do you need more code???

There were more messages in the response, but I'm having trouble identifying what the base issue is.

    Task <2844EFE1-427E-4239-A00F-6538186A598E>.<1> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xpedite” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
        "<cert(0x10582ac00) s: murraycollingwood@192-168-1-20.tpgi.com.au (Murray Collingwood) i: mkcert murraycollingwood@kohekohe.local (Murray Collingwood)>"
    ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xpedite/rx/rx.php, NSErrorFailingURLStringKey=https://xpedite/rx/rx.php, NSUnderlyingError=0x600000c64060 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x6000033015e0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
        "<cert(0x10582ac00) s: murraycollingwood@192-168-1-20.tpgi.com.au (Murray Collingwood) i: mkcert murraycollingwood@kohekohe.local (Murray Collingwood)>"
    )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
        "LocalDataTask <2844EFE1-427E-4239-A00F-6538186A598E>.<1>"
    ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <2844EFE1-427E-4239-A00F-6538186A598E>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x6000033015e0>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xpedite” which could put your confidential information at risk.}

Is it just that there is no response or that the response isn't in a JSON format? I think that's just a red herring.

Cheers
mc
Topic: Privacy & Security SubTopic: General Tags:
Jul ’24