CA Mobile API Gateway: Certificate Pinning on IOS

Document ID : KB000122384
Last Modified Date : 04/12/2018
Show Technical Document Details
Issue:
When trying to enable "enable_public_key_pinning", "trusted_public_pki" and "trusted_cert_pinned_public_key_hashes" in MSSO JSON for iOS, the Application crashes and fails to execute MAS Start. However when we enable the same for Android the application runs without issue.
Resolution:
This is due a difference between iOS and Android on how to setup the public key hashes in the msso_config file. 
The Android SDK expects the public key hash to be set in plain text in a array of arrays: 

Example:
"trusted_cert_pinned_public_key_hashes": [["c4a0e44297fc2c349cfbf4c8116fb81547ae41f4219b934ca005221b6152b433"], 
["f1c167129ec72dc0cd18d93bd8817f607966e1eb04c7a22bbcdcfcd7c797073a"]], 


However, the iOS SDK expects the public key hash to be set in a base64 format in a array of strings: 

Example:
"trusted_cert_pinned_public_key_hashes": ["47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", "HaDE0F3aPsDAqDRYZHYUGM5An8dlCCTRjwR7A1+xOqU="], 

Be sure to use the correct format depending on your OS.