Msso_config should contain all certificates in the certificate chain [iOS only]

book

Article ID: 8110

calendar_today

Updated On:

Products

CA Rapid App Security CA Mobile API Gateway CA Mobile - APP Services CA API Gateway

Issue/Introduction

When using a Public CA cert on the Gateway, the MSSO EXPORT function that developers use as the base to any app will NOT contain the chain of certificates that has in a Public CA cert. It currently only includes the first cert. Because of this, iOS Apps will fail to validate and therefore will NOT connect to the server returning the following error:

 

Error Domain=com.ca.MASFoundation:ErrorDomain Code=-999 "cancelled" UserInfo={NSLocalizedDescription=cancelled, status-code=0})

Environment

Release:
Component: APIMBL

Resolution

In order to use iOS SDK with CA sigend cert, the msso_config should contain ALL certificates in the chain, from the root to the leaf certs in certificate section as in array, entered manually. 

Additional Information

This issue ONLY occurs with iOS because the SDK validates ALL certs in the chain. Android is not doing that but it will do later down in the road once that is the safest and secure way.

 

This is being tracked by our Development team to come up with a permanent fix (US363521)