今天Xcode打包时报错，查到log发现问题是签名不受信任。感觉很迷惑，开发证书，描述文件做成手顺都没问题呀，为什么不受信任呢？公钥也没有过期，用同事的公钥然后让他给我导出.p12文件安装仍然显示证书不受信任。😭


百度，谷歌都说可能是误删了AppleWWDRCA(Apple Worldwide Developer Relations Certification Authority)证书。赶快去检查了下，我的AppleWWDRCA文件有安装呀，为什么？？



尝试了各种重新下载安装后，仍然显示证书不受信任，崩溃了。还是去查官方文档吧。
还真让我找到了解决方法了。


原来这个文件AppleWWDRCA两个版本都要安装呀，我电脑上只有过期时间为2023年2月8号的版本，赶快安装上了2030年过期的版本，再打开钥匙串查看，果然变成绿色的信任，然后重新打包，一路顺畅。舒服😌



作为一个开发者，有一个学习的氛围跟一个交流圈子特别重要，这是一个我的iOS交流群：196800191，不管你是小白还是大牛欢迎入驻 ，分享BAT,阿里面试题、面试经验，讨论技术， 大家一起交流学习成长！
再次吐槽，iOS开发的各种证书，密钥太烦了😡
下载链接，内含下载地址
https://developer.apple.com/cn/support/code-signing/
原文作者：fuxiaofan

原文地址：https://www.jianshu.com/p/04448b2324a4

之前开发App的时候服务端使用的是自签名的证书，导致iOS开发过程中调用HTTPS接口时，证书不被信任
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler{
    
    /*方法一*/
    if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        if(completionHandler)
            completionHandler(NSURLSessionAuthChallengeUseCredential,credential);
    }
    
    /*方法二*/
//    SecTrustRef servertrust = challenge.protectionSpace.serverTrust;
//    SecCertificateRef certi= SecTrustGetCertificateAtIndex(servertrust, 0);
//    NSData *certidata = CFBridgingRelease(CFBridgingRetain(CFBridgingRelease(SecCertificateCopyData(certi))));
//    NSString *path = [[NSBundle mainBundle] pathForResource:@"证书名称" ofType:@"cer"];
    NSLog(@"证书 ： %@",path);
//    NSData *localCertiData = [NSData dataWithContentsOfFile:path];
//    if ([certidata isEqualToData:localCertiData]) {
//        NSURLCredential *credential = [[NSURLCredential alloc] initWithTrust:servertrust];
//        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
//        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
        NSLog(@"服务端证书认证通过");
//    }else {
//        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
//        NSLog(@"服务端认证失败");
//    }
    
}

这里有两个方法，第一个是信任所有证书，第二个是把服务端自签名的证书放到本地，类似白名单的样子去加载
源码
HttpRequest.h
//
//  HttpRequest.h
//
//  Created by Michael Zhan on 2017/5/17.
//  Copyright © 2017年 Michael Zhan. All rights reserved.
//

#import <Foundation/Foundation.h>

static NSString * const baseUrl = @"http://";

typedef void (^SuccessBlock)(NSString * data);
typedef void (^FailureBlock)(NSError * error);

@interface HttpRequest : NSObject <NSURLSessionTaskDelegate>

- (void)getWithDict:(NSString *)paramUrl NSDictionary:(NSDictionary *)paramDicet success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock;

- (void)postWithDict:(NSString *)paramUrl NSDictionary:(NSDictionary *)paramDicet success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock;

- (void)getWithString:(NSString *)paramUrl NSString:(NSString *)paramString success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock;

- (void)postWithString:(NSString *)paramUrl NSString:(NSString *)paramString success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock;

- (void)postWithDict2String:(NSString *)paramUrl NSDictionary:(NSDictionary *)paramDicet success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock;

@end

HttpRequest.m
//
//  HttpRequest.m
//
//  Created by Michael Zhan on 2017/5/17.
//  Copyright © 2017年 Michael Zhan. All rights reserved.
//

#import "HttpRequest.h"

@implementation HttpRequest

- (void)getWithDict:(NSString *)paramUrl NSDictionary:(NSDictionary *)paramDicet success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock{
    
    NSMutableString * mutableStringUrl = [[NSMutableString alloc] initWithString:paramUrl];
    [mutableStringUrl appendString:[HttpRequest convertToJsonData:paramDicet]];
    
    NSLog(@"url %@",mutableStringUrl);
    
    NSURL * url = [NSURL URLWithString:[mutableStringUrl stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLQueryAllowedCharacterSet]]];
    
    NSURLRequest * request = [NSURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:10];
    
    //2程序自动安装证书的方式
    NSURLSession * session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
    
    NSURLSessionDataTask * dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        if (error) {
            failureBlock(error);
        } else {
            NSString * result = [[NSString alloc] initWithData:data  encoding:NSUTF8StringEncoding];
            successBlock(result);
        }
    }];
    [dataTask resume];
    
}

- (void)postWithDict:(NSString *)paramUrl NSDictionary:(NSDictionary *)paramDicet success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock{
    
    NSURL * url = [NSURL URLWithString:paramUrl];
    
    NSMutableURLRequest * request = [NSMutableURLRequest requestWithURL:url
                    cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:100];
    
    request.HTTPMethod = @"POST";
    NSString * jsonStr = [HttpRequest convertToJsonData:paramDicet];
    request.HTTPBody = [jsonStr dataUsingEncoding:NSUTF8StringEncoding];
    
    //2程序自动安装证书的方式
    NSURLSession * session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
    
    NSURLSessionDataTask * dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        if (error) {
            failureBlock(error);
            [session finishTasksAndInvalidate];
        } else {
            NSString * result = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            successBlock(result);
            [session finishTasksAndInvalidate];
        }
    }];
    [dataTask resume];
}

- (void)postWithDict2String:(NSString *)paramUrl NSDictionary:(NSDictionary *)paramDicet success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock{
    
    NSURL * url = [NSURL URLWithString:paramUrl];
    
    NSMutableURLRequest * request = [NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:100];
    
    request.HTTPMethod = @"POST";
    NSString * jsonStr = [NSString stringWithFormat:@"%@",paramDicet];
    request.HTTPBody = [jsonStr dataUsingEncoding:NSUTF8StringEncoding];
    request.timeoutInterval = 10;
    request.cachePolicy = NSURLRequestReloadIgnoringLocalCacheData;
    
    
    //2程序自动安装证书的方式
    NSURLSession * session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
    
    NSURLSessionDataTask * dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        if (error) {
            failureBlock(error);
            [session finishTasksAndInvalidate];
        } else {
            NSString * result = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            successBlock(result);
            [session finishTasksAndInvalidate];
        }
    }];
    [dataTask resume];
}

- (void)getWithString:(NSString *)paramUrl NSString:(NSString *)paramString success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock{
   
    NSMutableString * mutableStringUrl = [[NSMutableString alloc] initWithString:paramUrl];
    [mutableStringUrl appendString:paramString];
    
    NSLog(@"url %@",mutableStringUrl);
    NSURL * url =[NSURL URLWithString:[mutableStringUrl stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLQueryAllowedCharacterSet]]];
    
    NSURLRequest * request = [NSURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:10];
    
    //2程序自动安装证书的方式
    NSURLSession * session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
    
    NSURLSessionDataTask * dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        if (error) {
            failureBlock(error);
            [session finishTasksAndInvalidate];
        } else {
            NSString * result = [[NSString alloc] initWithData:data  encoding:NSUTF8StringEncoding];
            successBlock(result);
            [session finishTasksAndInvalidate];
        }
    }];
    [dataTask resume];

}

- (void)postWithString:(NSString *)paramUrl NSString:(NSString *)paramString success:(SuccessBlock)successBlock failure:(FailureBlock)failureBlock{
    
    NSURL * url = [NSURL URLWithString:paramUrl];
    
    NSMutableURLRequest * request = [NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:100];
    request.HTTPMethod = @"POST";
    request.HTTPBody = [paramString dataUsingEncoding:NSUTF8StringEncoding];
    request.timeoutInterval = 10;
    request.cachePolicy = NSURLRequestReloadIgnoringLocalCacheData;
    
    //2程序自动安装证书的方式
    NSURLSession * session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];

    NSURLSessionDataTask * dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        if (error) {
            failureBlock(error);
             [session finishTasksAndInvalidate];
        } else {
            NSString * result = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            successBlock(result);
             [session finishTasksAndInvalidate];
        }
    }];
    [dataTask resume];
}

+ (NSString *)convertToJsonData:(NSDictionary *)dict{
    NSError *error;
    NSData *jsonData = [NSJSONSerialization dataWithJSONObject:dict options:NSJSONWritingPrettyPrinted error:&error];
    NSString *jsonString;
    if (!jsonData) {
        NSLog(@"%@",error);
    }else{
        jsonString = [[NSString alloc]initWithData:jsonData encoding:NSUTF8StringEncoding];
    }
    NSMutableString *mutStr = [NSMutableString stringWithString:jsonString];
    NSRange range = {0,jsonString.length};
    //去掉字符串中的空格
    [mutStr replaceOccurrencesOfString:@" " withString:@"" options:NSLiteralSearch range:range];
    NSRange range2 = {0,mutStr.length};
    //去掉字符串中的换行符
    [mutStr replaceOccurrencesOfString:@"\n" withString:@"" options:NSLiteralSearch range:range2];
    return mutStr;
}

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler{
    
    /*方法一*/
    if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        if(completionHandler)
            completionHandler(NSURLSessionAuthChallengeUseCredential,credential);
    }
    
    /*方法二*/
//    SecTrustRef servertrust = challenge.protectionSpace.serverTrust;
//    SecCertificateRef certi= SecTrustGetCertificateAtIndex(servertrust, 0);
//    NSData *certidata = CFBridgingRelease(CFBridgingRetain(CFBridgingRelease(SecCertificateCopyData(certi))));
//    NSString *path = [[NSBundle mainBundle] pathForResource:@"zwp" ofType:@"cer"];
    NSLog(@"证书 ： %@",path);
//    NSData *localCertiData = [NSData dataWithContentsOfFile:path];
//    if ([certidata isEqualToData:localCertiData]) {
//        NSURLCredential *credential = [[NSURLCredential alloc] initWithTrust:servertrust];
//        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
//        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
        NSLog(@"服务端证书认证通过");
//    }else {
//        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
//        NSLog(@"服务端认证失败");
//    }
    
}

@end

在实际开发中，后台服务器开发人员为了方便自建证书,有时候这些证书不受苹果官方信任，此时App显示的是一片空白，用SDWebImage加载不了图片，从服务器获取不了数据，AFN请求也是被忽略了。细心的你会发现控制台打印一串提示信息，大概的内容是提醒CA证书不被信任，请更换合适的证书。
解决办法是叫后台更换证书，如果你不想更换证书的话，也可以通过代码来调整，信任服务器的证书。
       
//采用NSURLConnection进行网络请求，会调用此方法
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    
    //证书处理
    //后台自建证书,因为证书无效导致AFN请求被取消,此段代码用在外网测试环境
    if([kBaseURL rangeOfString:@"testapp.gtax.cn"].location != NSNotFound){
        
    }
    // 判断是否是信任服务器证书
    if(challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
        // 告诉服务器，客户端信任证书
        // 创建凭据对象
        NSURLCredential *credntial = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        // 告诉服务器信任证书
        [challenge.sender useCredential:credntial forAuthenticationChallenge:challenge];
    }

}


那么，在AFN中如何绕过证书验证呢？对，设置AFSecurityPolicy参数：

//证书处理
        //后台自建证书,因为证书无效导致AFN请求被取消,此段代码用在外网测试环境
        if([kBaseURL rangeOfString:@"testapp.gtax.cn"].location != NSNotFound){
            AFSecurityPolicy * securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
            securityPolicy.allowInvalidCertificates = YES;
            securityPolicy.validatesDomainName = NO;
            self.requestManager.securityPolicy = securityPolicy;
        }

某天清理过钥匙串中的证书后，再双击安装证书时便提示证书不受信任，情况如下图：

查遍了钥匙串的各种设置，依然没有解决，都做好要重装系统的准备了，不愿那么麻烦装系统的我，在网上看到一篇证书无效的文章，抱着试试的态度，没想到还真解决了。
造成这个问题的原因是：清理钥匙串证书时，一不小心把AppleWWDRCA这个证书给删除。
解决办法：下载AppleWWDRCA重新安装。下载链接：https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
步骤：
1、下载最新的AppleWWDRCA证书，双击安装到“登录”项的钥匙串下；
2、然后在安装你的开发证书或者发布证书就可以了。
了解一下AppleWWDRCA证书：

AppleWWDRCA(Apple Worldwide Developer Relations Certification Authority)证书：实际上就是对iOS证书（dev和dis证书）的授权证书，其公钥用于解密证书的可靠性。iOS以及Mac OS X系统（在安装Xcode时）将自动安装AppleWWDRCA.cer(Apple Worldwide Developer Relations Certification Authority)这个中间证书（Intermediate Certificates）。
参考：https://www.jianshu.com/p/200fe4e0bf7d点击打开链接