I am a iOS developer and our organization purchase Cloud OCR SDK for scanning business cards.

It work fine some time ago. but as I am testing my application that was not scanning business cards and give below error every time

Error Description:

Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “ocrsdk.blob.core.windows.net” which could put your confidential information at risk."

Please let me know what is was happening in CloudOcrSdk. And why this API return me that error.

This question is marked "community wiki".

asked 21 Mar '14, 18:50

Anastasia%20Galimova's gravatar image

Anastasia Ga... ♦♦

12next »

We're finding problems with the certificates that Abbyy use because they're provided by an ... exotic issuer.

Our issue is that we use Heroku who don't support their certificate and don't allow you to manually add the certificate as we don't have access to the file system.

For $300 Abbyy could buy a fully supported and recognised certificate that would solve a lot of these problems.


answered 22 Feb '16, 16:10

Dan%20Jacobs's gravatar image

Dan Jacobs

That message means that for whatever reason the client program doesn’t want to trust the SSL certificate of cloud.ocrsdk.com. That can happen

  • if our certificate has expired (it didn’t – we check that regularly)
  • or if the “certificate trust chain” got broken at your machine

because, for example, you installed some update and that changed the set of trusted root certificates or you changed your system and changes that set. This is what you can examine – open https://cloud.ocrsdk.com in your browser and when they do it the browser will display the lock sign near the address meaning that the connection is encrypted, when you click onto the lock and will be able to inspect the certificate and find why it is no longer trusted by the system.


answered 21 Mar '14, 18:55

Anastasia%20Galimova's gravatar image

Anastasia Ga... ♦♦

My backend just stopped working. It is service which connects to abbyy via https. This service runs in a docker-container which isn't changed the last 70 days. When I run some queries via curl from inside the docker container its observable that sometimes it works and sometimes not (ca. 50%)

curl https://cloud.ocrsdk.com
curl: (60) SSL certificate problem: unable to get local issuer certificate

Now via openssl:

openssl s_client -connect cloud.ocrsdk.com:443 -prexit -showcerts

Prints this http://pastebin.com/P6Nked8u

The important parts:

depth=0 OU = Domain Control Validated, CN = *.ocrsdk.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = *.ocrsdk.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, CN = *.ocrsdk.com
verify error:num=21:unable to verify the first certificate
verify return:1

answered 22 Feb '16, 17:46

Jan-Philip%20Loos's gravatar image

Jan-Philip Loos

I think this is similar to what I am seeing accessing https://cloud.ocrsdk.com via mobile device. Our application started failing as soon as iOS 9.2.1 was released. Ours fails around 80% of the time. You can reproduce via browser on an iOS 9.2.1. Also, I just noticed that Android devices show certificate problems as well reproduces on Android 4.4.2 and 5.1.

(22 Feb '16, 19:44) ericpres

We had the same problem, started about a week ago. We're still trying to fix it. Our stack is Ruby running on Heroku!

I'm wondering if Abbyy have changed something recently?


answered 22 Feb '16, 17:49

Dan%20Jacobs's gravatar image

Dan Jacobs

Having the same issues with Java on both Windows and Linux. It seems (for the java side at least) to be caused by one of the GoDaddy CAs not being included in the root store; Because of SHA2, or something to that effect.

Abbyy might be powerless to fix this unless they move to a different cert provider.

Workaround: don't use https. :| bad workaround, but it keeps everything running.


answered 23 Feb '16, 01:20

DanRix's gravatar image


edited 23 Feb '16, 01:46

If you run a full check here https://www.digicert.com/help/, you will see the certificate is fine, issued by GoDaddy, but it's not bought directly from them and the problem seems to be that the Intermediate certificates are not supported (in our case) on Heroku.

From the url above

"SSL Certificate is not trusted

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform."


answered 23 Feb '16, 13:09

Dan%20Jacobs's gravatar image

Dan Jacobs

We have the same problem. A lot of our customers using the https://cloud.ocrsdk.com with iOS and Android Apps. On different versions of iOS and Android. Strange thing is that it sometimes works. In about 10 % of the calls. It seems that some servers have a 'good' certificate and others not.

Also our app hasn't been changed since months. There must be somthing with the certificates on ABBYY servers! This is really a huge problem for us. Our customers are on tow huge exhibitions and using the business card function extensively.


answered 23 Feb '16, 16:37

Bernhard's gravatar image


Abbyy support, please forward this to your developer team. This is definitely solvable on your side! A new certificate which is signed by a top level company will cost hardly anything and ensure it's working/installed properly on all your servers!


answered 23 Feb '16, 17:23

Dan%20Jacobs's gravatar image

Dan Jacobs

Dear all,

We are extremely sorry for the delay in our response due to the state holidays in Russia. Indeed, for some reasons an intermediate certificate in a chain becomes invalid from time to time during last few days. We did not update the certificate and did no changes in the service, so we could not affect the validity of the certificate. Our IT and R&D departments are in contact with MS (service host) and GoDaddy (the certificate issuer) to find the cause. As soon as we get some new information, we will let you know.


answered 24 Feb '16, 12:50

Oksana%20Serdyuk's gravatar image

Oksana Serdyuk ♦♦

It would be cheaper and quicker to just get a new signed certificate without an intermediate!

In the meantime, my app isn't working, hundreds of users are affected and I'm seriously considering moving to another provider.


answered 24 Feb '16, 16:12

Dan%20Jacobs's gravatar image

Dan Jacobs

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 21 Mar '14, 18:50

Seen: 1,849 times

Last updated: 29 Feb '16, 14:29

© 2016 ABBYY. All rights Reserved. www.ABBYY.com | Privacy Policy | Legal