search cancel

Msso_config should contain all certificates in the certificate chain [iOS only]


Article ID: 8110


Updated On:


CA Rapid App Security CA Mobile API Gateway CA Mobile - APP Services CA API Gateway


When using a Public CA cert on the Gateway, the MSSO EXPORT function that developers use as the base to any app will NOT contain the chain of certificates that has in a Public CA cert. It currently only includes the first cert. Because of this, iOS Apps will fail to validate and therefore will NOT connect to the server returning the following error:


Error Code=-999 "cancelled" UserInfo={NSLocalizedDescription=cancelled, status-code=0})


Component: APIMBL


In order to use iOS SDK with CA sigend cert, the msso_config should contain ALL certificates in the chain, from the root to the leaf certs in certificate section as in array, entered manually. 

Additional Information

This issue ONLY occurs with iOS because the SDK validates ALL certs in the chain. Android is not doing that but it will do later down in the road once that is the safest and secure way.


This is being tracked by our Development team to come up with a permanent fix (US363521)