diff --git a/Signal/Signal-Info.plist b/Signal/Signal-Info.plist
index 11c7cc0ef..ef60dcb6f 100644
--- a/Signal/Signal-Info.plist
+++ b/Signal/Signal-Info.plist
@@ -128,10 +128,5 @@
UIViewControllerBasedStatusBarAppearance
- NSAppTransportSecurity
-
- NSAllowsArbitraryLoads
-
-
-
+
diff --git a/Signal/src/AppDelegate.m b/Signal/src/AppDelegate.m
index 61b16934c..1b4f31e50 100644
--- a/Signal/src/AppDelegate.m
+++ b/Signal/src/AppDelegate.m
@@ -1108,10 +1108,6 @@ static NSTimeInterval launchStartedAt;
// Resume lazy restore.
[OWSBackupLazyRestoreJob runAsync];
#endif
-
- if ([TSAccountManager isRegistered]) {
- [[ContactDiscoveryService sharedService] testService];
- }
}
- (void)registrationStateDidChange
diff --git a/SignalServiceKit/Resources/Certificates/acton-ca.cer b/SignalServiceKit/Resources/Certificates/acton-ca.cer
deleted file mode 100644
index df46c2fdb..000000000
Binary files a/SignalServiceKit/Resources/Certificates/acton-ca.cer and /dev/null differ
diff --git a/SignalServiceKit/Resources/Certificates/cacert.cer b/SignalServiceKit/Resources/Certificates/cacert.cer
deleted file mode 100644
index f41592df1..000000000
Binary files a/SignalServiceKit/Resources/Certificates/cacert.cer and /dev/null differ
diff --git a/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m b/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
index a2f01bf5f..8aaecbb98 100644
--- a/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
+++ b/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
@@ -20,22 +20,16 @@
self = [[super class] defaultPolicy];
if (self) {
- // self.pinnedCertificates = [NSSet setWithArray:@[
- // [self certificateDataForService:@"cacert"],
- // ]];
- // self.pinnedCertificates = [NSSet setWithArray:@[
- // [self certificateDataForService:@"acton-ca"],
- // ]];
- //
- self.allowInvalidCertificates = YES;
+ self.pinnedCertificates = [NSSet setWithArray:@[
+ [self certificateDataForService:@"textsecure"],
+ ]];
}
return self;
}
- (NSArray *)certs {
- return @[ (__bridge id)[self certificateForService:@"cacert"] ];
- // return @[ (__bridge id)[self certificateForService:@"acton-ca"] ];
+ return @[ (__bridge id)[self certificateForService:@"textsecure"] ];
}
- (NSData *)certificateDataForService:(NSString *)service {
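Review bot: In `certs`, the `(__bridge id)` cast on the result of `certificateForService:` leaves ownership with the caller, whereas `evaluateServerTrust:forDomain:` in this same file wraps `SecCertificateCreateWithData` in `__bridge_transfer`. If `certificateForService:` returns a +1 reference (its body is outside this hunk, so this needs confirming), every call leaks a `SecCertificateRef`; `return @[ (__bridge_transfer id)[self certificateForService:@"textsecure"] ];` would be consistent. The array literal in the initializer also raises if `certificateDataForService:` ever returns nil, so I would add a comment there such as `// The bundled "textsecure" certificate is the only trust anchor; a missing resource must abort rather than fall back to default trust.` The initializer begins above the hunk, so only its tail is visible here.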
@@ -58,29 +52,28 @@
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
- // NSMutableArray *policies = [NSMutableArray array];
- // [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
- //
- // if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
- // DDLogError(@"The trust policy couldn't be set.");
- // return NO;
- // }
- //
- // NSMutableArray *pinnedCertificates = [NSMutableArray array];
- // for (NSData *certificateData in self.pinnedCertificates) {
- // [pinnedCertificates
- // addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge
- // CFDataRef)certificateData)];
- // }
- //
- // if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
- // DDLogError(@"The anchor certificates couldn't be set.");
- // return NO;
- // }
- //
- // if (!AFServerTrustIsValid(serverTrust)) {
- // return NO;
- // }
+ NSMutableArray *policies = [NSMutableArray array];
+ [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
+
+ if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
+ DDLogError(@"The trust policy couldn't be set.");
+ return NO;
+ }
+
+ NSMutableArray *pinnedCertificates = [NSMutableArray array];
+ for (NSData *certificateData in self.pinnedCertificates) {
+ [pinnedCertificates
+ addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
+ }
+
+ if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
+ DDLogError(@"The anchor certificates couldn't be set.");
+ return NO;
+ }
+
+ if (!AFServerTrustIsValid(serverTrust)) {
+ return NO;
+ }
return YES;
}
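Review bot: `evaluateServerTrust:forDomain:` passes `domain` straight to `SecPolicyCreateSSL`, and a nil host name makes that policy skip the host-name match, so a nil or empty `domain` would quietly reduce the check to "chains to the pinned anchor". Rejecting an empty `domain` up front keeps the evaluation strict; whether any caller passes nil is not visible from this hunk. In the loop, `SecCertificateCreateWithData` returns NULL for data that is not a valid DER certificate, and `addObject:` raises on nil, so an explicit check with a log line gives a clean failure instead of an exception. A `DDLogError` on the final `AFServerTrustIsValid` failure would also make pinning failures visible in logs, as the two earlier failure paths already are.

```objc
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
    if (domain.length == 0) {
        DDLogError(@"Refusing to evaluate server trust without a host name.");
        return NO;
    }
    // … unchanged: SSL policy creation and SecTrustSetPolicies check …
    for (NSData *certificateData in self.pinnedCertificates) {
        id certificate =
            (__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);
        if (!certificate) {
            DDLogError(@"A pinned certificate could not be parsed.");
            return NO;
        }
        [pinnedCertificates addObject:certificate];
    }
    // … unchanged: SecTrustSetAnchorCertificates check …
    if (!AFServerTrustIsValid(serverTrust)) {
        DDLogError(@"Server trust evaluation against the pinned certificate failed.");
        return NO;
    }
```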
diff --git a/SignalServiceKit/src/TSConstants.h b/SignalServiceKit/src/TSConstants.h
index 76dff0bd4..375f09609 100644
--- a/SignalServiceKit/src/TSConstants.h
+++ b/SignalServiceKit/src/TSConstants.h
@@ -22,27 +22,30 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
#define kLegalTermsUrlString @"https://signal.org/legal/"
#define SHOW_LEGAL_TERMS_LINK
-// Production
-//#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
-//#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
-//#define textSecureCDNServerURL @"https://cdn.signal.org"
-//// Use same reflector for service and CDN
-//#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
-//#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
+#ifdef DEBUG
+#define CONTACT_DISCOVERY_SERVICE
+#endif
+
+//#ifndef DEBUG
-// Staging
-#define textSecureWebSocketAPI @"wss://textsecure-service-staging.whispersystems.org/v1/websocket/"
-#define textSecureServerURL @"https://textsecure-service-staging.whispersystems.org/"
-#define textSecureCDNServerURL @"https://cdn-staging.signal.org"
-#define textSecureServiceReflectorHost @"meek-signal-service-staging.appspot.com";
-#define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com";
+// Production
+#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
+#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
+#define textSecureCDNServerURL @"https://cdn.signal.org"
+// Use same reflector for service and CDN
+#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
+#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
-//// Testing
-//#define textSecureWebSocketAPI @"wss://messaging.acton-signal.org/v1/websocket/"
-//#define textSecureServerURL @"https://messaging.acton-signal.org/"
+//#else
+//
+//// Staging
+//#define textSecureWebSocketAPI @"wss://textsecure-service-staging.whispersystems.org/v1/websocket/"
+//#define textSecureServerURL @"https://textsecure-service-staging.whispersystems.org/"
//#define textSecureCDNServerURL @"https://cdn-staging.signal.org"
//#define textSecureServiceReflectorHost @"meek-signal-service-staging.appspot.com";
//#define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com";
+//
+//#endif
#define textSecureAccountsAPI @"v1/accounts"
#define textSecureAttributesAPI @"/attributes/"
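Review bot: The `#ifndef DEBUG` / `#else` / `#endif` lines are left commented out, so the production endpoints are compiled into every configuration, while `CONTACT_DISCOVERY_SERVICE` is defined only under `DEBUG`; debug builds therefore exercise that feature against the production hosts. If that is intended, a comment saying so above the `// Production` block would prevent someone from re-enabling the conditional by accident; if not, the conditional should be restored or the dead staging block deleted. The commented staging reflector macros also still end in `;` (`@"meek-signal-service-staging.appspot.com";`), which would break any expression that uses them once uncommented, so those semicolons should be dropped.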