最近，我剛剛把http 轉(zhuǎn)化為https，給還在糾結(jié)中的朋友們指導(dǎo)一二。

1、準(zhǔn)備證書

首先找后臺(tái)要一個(gè)證書（SSL證書,一般你跟后臺(tái)說要弄https，然后讓他給你個(gè)證書，他就知道了），我們需要的是.cer的證書。但是后臺(tái)可能給我們的是.crt的證書。我們需要轉(zhuǎn)換一下：打開終端 -> cd到.crt證書路徑 -> 輸入openssl x509 -in 你的證書.crt -out 你的證書.cer -outform der，證書就準(zhǔn)備好了，拖入工程，記得選copy。

文件截圖

2、修改AFN中問題，我看網(wǎng)上有新建一個(gè)類或類方法的

我是在AFHTTPSessionManager這個(gè)類中- (instancetype)initWithBaseURL:(NSURL *)url sessionConfiguration:(NSURLSessionConfiguration *)configuration 方法中直接添加的

__weak typeof(self) weakSelf = self;

[self setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing *_credential) {

/// 獲取服務(wù)器的trust object

SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];

// 導(dǎo)入自簽名證書

//#warning 注意將你的證書加入項(xiàng)目，并把下面名稱改為自己證書的名稱

NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"證書名字" ofType:@"cer"];

NSData* caCert = [NSData dataWithContentsOfFile:cerPath];

if (!caCert) {

NSLog(@" ===== .cer file is nil =====");

return nil;

}

NSSet *cerArray =[NSSet setWithObject:caCert];

weakSelf.securityPolicy.pinnedCertificates = cerArray;

SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert);

NSCAssert(caRef != nil, @"caRef is nil");

NSArray *caArray = @[(__bridge id)(caRef)];

NSCAssert(caArray != nil, @"caArray is nil");

// 將讀取到的證書設(shè)置為serverTrust的根證書

OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray);

SecTrustSetAnchorCertificatesOnly(serverTrust,NO);

NSCAssert(errSecSuccess == status, @"SecTrustSetAnchorCertificates failed");

//選擇質(zhì)詢認(rèn)證的處理方式

NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;

__autoreleasing NSURLCredential *credential = nil;

//NSURLAuthenticationMethodServerTrust質(zhì)詢認(rèn)證方式

if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {

//基于客戶端的安全策略來決定是否信任該服務(wù)器，不信任則不響應(yīng)質(zhì)詢。

if ([weakSelf.securityPolicy evaluateServerTrust:challenge.protectionSpace.serverTrust forDomain:challenge.protectionSpace.host]) {

//創(chuàng)建質(zhì)詢證書

credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];

//確認(rèn)質(zhì)詢方式

if (credential) {

disposition = NSURLSessionAuthChallengeUseCredential;

} else {

disposition = NSURLSessionAuthChallengePerformDefaultHandling;

}

} else {

//取消挑戰(zhàn)

disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;

}

} else {

disposition = NSURLSessionAuthChallengePerformDefaultHandling;

}

return disposition;

}];

如果你的項(xiàng)目中不含有webView wkWebView? ，將這個(gè)設(shè)置為NO或者刪掉，但是如果含有哪兩種的話，建議參考這個(gè)http://www.wosign.com/faq/faq-ios10-ats.htm

如果有不對(duì)的地方請(qǐng)多指教。。。。。