后台同事给的事.pem和.key文件,项目中要用cer证书,所以要转一下
pem证书转cer证书 命令:
1.openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cacert.key 先转p12
2.openssl pkcs12 -in cacert.p12 -out mycerts.crt -nokeys -clcerts 再转crt
3.openssl x509 -inform pem -in mycerts.crt -outform der -out mycerts.cer 最后转cer
引用证书代码:
_sessionManager = [[AFHTTPSessionManager manager] initWithBaseURL:[NSURL URLWithString:ServerPath]]; // 设置请求的超时时间 _sessionManager.requestSerializer.timeoutInterval = 30.f; NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"teststudent" ofType:@"cer"];//证书的路径 NSData *cerData = [NSData dataWithContentsOfFile:cerPath]; // 使用证书验证模式 AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate]; // 如果需要验证自建证书(无效证书),需要设置为YES securityPolicy.allowInvalidCertificates = YES; // 是否需要验证域名,默认为YES; securityPolicy.validatesDomainName = validatesDomainName; securityPolicy.pinnedCertificates = [[NSSet alloc] initWithObjects:cerData, nil]; [_sessionManager setSecurityPolicy:securityPolicy];
AFHTTPSessionManager注意一定要 initWithBaseURL 添加baseurl,直接[AFHTTPSessionManager manager]会报错:
A security policy configured with `AFSSLPinningModeCertificate` can only be applied on a manager with a secure base URL (i.e. https)。闪退