Thursday, August 22, 2013

Even though server's self-signed SSL certificate has been imported and trusted, but iPad won't start SSL connection due to CN doesn't match hostname.

Confirmed:
Even though server's self-signed SSL certificate has been imported and trusted, but iPad won't start SSL connection due to CN doesn't match hostname.

Application Setup:

  • WLS Server configured with self-signed SSL certificate (whose CN=my_company_name doesn't match its DNS name, appserver.mydomain.com)
  • Application (java) deployed on WLS
  • Mobile Application (phonegapped) on mobile devices (iPad, Android) 
Verification Goal:
  • Can mobile application from device communicate with App services via HTTPS in the above settings?
Verification Steps:
  1. import WLS's self-signed SSL certificate into iPad as trusted certificate
  2. launching mobile app to hit server via https
  3. Even though server's self-signed SSL certificate has been imported and trusted, but iOS won't start SSL connection due to CN doesn't match hostname.

** test output 
Aug 22 10:20:42 Dev-iPad-699600 amfid[179] <Error>: Aug 22 10:20:42  SecTrustEvaluate  [leaf CriticalExtensions IssuerCommonName]
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Warning>: mobile launchOptions = ….. protocol=https
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Warning>: Multi-tasking -> Device: YES, App: YES
Aug 22 10:20:43 Dev-iPad-699600 kernel[0] <Debug>: launchd[178] Builtin profile: container (sandbox)
Aug 22 10:20:43 Dev-iPad-699600 kernel[0] <Debug>: launchd[178] Container: /private/var/mobile/Applications/5E78D4F8-B359-4F99-905C-D09B00E88605 (sandbox)
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Warning>: Resetting plugins due to page load.
Aug 22 10:20:43 Dev-iPad-699600 webinspectord[140] <Error>: libMobileGestalt copySystemVersionDictionaryValue: Could not lookup ReleaseType from system version dictionary
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Warning>: Finished load of: file:///var/mobile/Applications/5E78D4F8-B359-4F99-905C-D09B00E88605/mobile.app/www/index.html
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Warning>: Resetting plugins due to page load.
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Error>: Aug 22 10:20:43  SecTrustEvaluate  [leaf SSLHostname]
Aug 22 10:20:43 Dev-iPad-699600 mobile[178] <Warning>: Failed to load webpage with error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “appserver.dev.mydomain.com” which could put your confidential information at risk.

** end


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)