导入证书
//Base_URL就是你们服务器的URL前缀
AFHTTPSessionManager *sessionManager = [[AFHTTPSessionManager manager] initWithBaseURL:[NSURL URLWithString:Base_URL]];
// 先导入证书 证书由服务端生成,具体由服务端人员操作
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"app.wangdasong.top" ofType:@"cer"];//证书的路径
NSData *cerData = [NSData dataWithContentsOfFile:cerPath];
//配置
SecCertificateRef httpBinCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)(cerData));
NSSet *certSet = [[NSSet alloc] initWithObjects:(__bridge_transfer NSData *)SecCertificateCopyData(httpBinCertificate), nil];
// 根据二进制内容提取证书信息
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
[securityPolicy setAllowInvalidCertificates:NO];//是否允许使用自签名证书
[securityPolicy setPinnedCertificates:certSet];//设置去匹配服务端证书验证的证书
securityPolicy.pinnedCertificates = [[NSSet alloc]initWithObjects:cerData, nil];
[securityPolicy setValidatesDomainName:YES];//是否需要验证域名,默认YES
manager.securityPolicy = securityPolicy;
如获得的是crt格式文件,需转换为.cer:
打开终端,cd到.crt证书的路径下,
执行命令
openssl x509 -in 证书.crt -out 证书.cer -outform der
就会在桌面上看到一个.cer的证书。双击导入电脑,然后在钥匙串中找到证书,并设置信任。
直接把转换好的cer文件拖动到工程中
错误信息
参考链接:
链接1
链接2作者Tomous
网友评论