I am getting this error:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “x.x.x.x” which could put your confidential information at risk."
When trying to test my dotnet core webapi on my local machine from a xcode iPhone 13 simulator.
The ip is a static from the dhcp server. I am developing APIs using dotnet core using vs code on a mac, so Kestrel is hosting the APIs. I have a developer cert in the keychain ("Developer CA") and can hit the APIs from Postman and an Android emulator using Android Studio. I got that working with a .pfx file, but clearly that's not ok for iPhone testing.
This is the code I'm using in xCode to test it out.
Button("Call API") {
print("Calling API")
Task {
let (data, _) = try await URLSession.shared.data(from: URL(string: "https://localhost:5001/api/v1.0/testapi/1")!)
let decodedResponse = try? JSONDecoder().decode(ApiData.self, from: data)
apiResponse = decodedResponse?.value ?? ""
}
}
In the ContentView I have:
@State private var apiResponse: String = ""
And there is also a struct:
struct ApiData: Codable {
let value: String
}
I have replaced localhost with the ip (as referenced in the error message above).
I created this post when I was trying to connect to the api through the android emulator, and eventually got that working. It references this post with a Kestrel configuration:
{
"Certificates": {
"HTTPS": {
"Source": "Store",
"StoreLocation": "CurrentUser",
"StoreName": "My",
"Subject": "CN=localhost",
"AllowInvalid": true
}
}
}
I tried a variety of settings because I do have a cert following these instructions from developer.apple.com. And I did export it and drag it onto the Simulator.
I also looked at this post, but looks like a different problem as it was working fine on the simulator. I looked at this post as well, but this was 8 years ago and I'm not sure coding specific domains into the session is a good approach.
I have been through a lot of documentation on certificates (like this, this, and this), dotnet/kestrel specific ssl links (like this one, this one, and this one), but getting that right combination of recent, with kestrel, on a mac, for both android emulator and ios simulator has been challenging.
Does anybody have the specific steps? I think the kestrel configuration for the Developer CA that I have is the current path and seems correct, but I don't really know.
UPDATE
I tried with this configuration:
"Kestrel": {
"Certificates": {
"Default": {
"Source": "Store",
"StoreLocation": "CurrentUser",
"StoreName": "My",
"Subject": "CN=Dev CA",
"AllowInvalid": true
}
},
"EndPoints": {
"Https": {
"Url": "https://*:5001"
}
}
},
and got this error:
Error:
Exception has occurred: CLR/System.InvalidOperationException An unhandled exception of type 'System.InvalidOperationException' occurred in System.Private.CoreLib.dll: 'The requested certificate CN=Dev CA could not be found in CurrentUser/My with AllowInvalid setting: True.' at Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(String subject, String storeName, StoreLocation storeLocation, Boolean allowInvalid) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadFromStoreCert(CertificateConfig certInfo) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig
At least I'm getting an error, so if I figure this out I will know. I am trying to follow this and this.
