Certificate pinning failing in iOS


We are developing an application using IBM MobileFirst Platform Foundation v7.1. Currently we are in UAT phase. The app supports both Android and iOS.

We implemented certificate pinning for our application. The MobileFirst Server is maintained by the network team, which provided me with a public certificate with "cer" extension (com.uat.myapp.cer). I included this public certificate in my project under the certificate folder and wrote the certificate pinning code in the main.js file.

The Android application is working fine and SSL Handshake with the MobileFirst Server is happening. The application is working properly.

The iOS application though is not able to connect to the MobileFirst Server with the following error:

"An SSL error has occurred and a secure connection to the server cannot be made".

I converted the .cer certificate to .der certificate (com.uat.myapp.der) using the following portal: https://www.sslshopper.com/ssl-converter.html and placed it in the application but I still ended up with the same error.

Please find the below error logs for more information:

-[WLAFHTTPRequestOperationManagerWrapper requestFailed:error:] in  WLAFHTTPRequestOperationManagerWrapper.m:390 :: Response Error : An SSL error has occurred and a secure connection to the server cannot be made.

2016-12-26 19:38:49.301 MyApp[1419:26347] [DEBUG] [WORKLIGHT]
+[WLClient sharedInstance] in WLClient.m:165 :: IBMMobilieFirstFoundation.framework version = 7.1-2016/05/28 17:08:17

-[WLRequest requestFailed:error:] in WLRequest.m:509 :: Status code='0' error='An SSL error has occurred and a secure connection to the server cannot be made.' response='(null)'

2016-12-26 19:38:49.302 MyApp[1419:26347] [DEBUG] [WL_REQUEST]
-[WLRequest requestFailed:error:] in WLRequest.m:512 :: Response Header: (null) Response Data: (null)

2016-12-26 19:38:49.302 MyApp[1419:26347] [DEBUG] [WL_AUTH]
-[WLAuthorizationManager failRegistratioWithResponse:] in WLAuthorizationManager.m:866 :: Response does not contain a valid certificate and client Id. device registration failed

2016-12-26 19:38:49.306 MyApp[1419:26347] [DEBUG] [CERTIFICATE_MANAGER]
+[WLCertManager removeKey:] in WLCertManager.m:262 :: Key was successfully removed.

There is 1 answer

Idan Adar On

My hunch is that the domain specified in the certificate does not match the actual server host or IP used by the application.

  1. Use keytool to verify that the certificate indeed contains the required host/ip values.
  2. In your application, make sure that the application indeed attempts to connect to the same server host/ip.
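
The two checks suggested in the answer, as an added example that is not part of the original post: it uses openssl rather than keytool (`keytool -printcert -file` prints the same subject and SubjectAlternativeName fields) and also reports whether the pinned file is PEM or DER encoded. The host names, IP address and file names are constructed placeholders, and the certificate is a throwaway generated on the spot.

```shell
#!/bin/sh
# Added example. Host names, IP and file names are constructed placeholders.

# cert_inform FILE: print PEM or DER (a ".cer" file can be either); fail if unparseable.
cert_inform() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then form=PEM; else form=DER; fi
    openssl x509 -inform "$form" -in "$1" -noout 2>/dev/null && echo "$form"
}

# cert_names FILE: print the subject and subjectAltName entries of the certificate.
cert_names() {
    form=$(cert_inform "$1") || return 2
    openssl x509 -inform "$form" -in "$1" -noout -subject -ext subjectAltName
}

# cert_matches_host FILE HOST: exit 0 only if the certificate is valid for HOST.
cert_matches_host() {
    form=$(cert_inform "$1") || { echo "not an X.509 certificate: $1" >&2; return 2; }
    case "$2" in
        *:*)       check=-checkip ;;    # IPv6 literal
        *[!0-9.]*) check=-checkhost ;;  # anything else with a non-digit: DNS name
        *)         check=-checkip ;;    # dotted IPv4 literal
    esac
    openssl x509 -inform "$form" -in "$1" -noout "$check" "$2" | grep -q 'does match'
}

# make_sample_cert DIR: constructed throwaway self-signed certificate, PEM and DER copies.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/sample.pem" -subj "/CN=uat.example.test" \
        -addext "subjectAltName=DNS:uat.example.test,IP:192.0.2.10" 2>/dev/null &&
    openssl x509 -in "$1/sample.pem" -outform DER -out "$1/sample.der"
}

# Demo: compare the names in the certificate with the hosts an app might connect to.
tmp=$(mktemp -d)
make_sample_cert "$tmp" && cert_names "$tmp/sample.der"
for host in uat.example.test prod.example.test 192.0.2.10; do
    if cert_matches_host "$tmp/sample.der" "$host"; then
        echo "$host: covered by certificate"
    else
        echo "$host: NOT covered by certificate"
    fi
done
rm -rf "$tmp"
```

To check a real file, call `cert_matches_host` with the pinned certificate and the exact host or IP the application is configured to connect to.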