Msso_config should contain all certificates in the certificate chain [iOS only]

Document ID : KB000008110
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When using a Public CA cert on the Gateway, the MSSO EXPORT function that developers use as the base to any app will NOT contain the chain of certificates that has in a Public CA cert. It currently only includes the first cert. Because of this, iOS Apps will fail to validate and therefore will NOT connect to the server returning the following error:

 

Error Domain=com.ca.MASFoundation:ErrorDomain Code=-999 "cancelled" UserInfo={NSLocalizedDescription=cancelled, status-code=0})

Resolution:

In order to use iOS SDK with CA sigend cert, the msso_config should contain ALL certificates in the chain, from the root to the leaf certs in certificate section as in array, entered manually. 

Additional Information:

This issue ONLY occur in the iOS because the SDK validates agains ALL certs in the chain. Android is not doing that but it will do later down in the road once that is the safest and secure way.

 

This is being tracked by our Development team to come up with a permanent fix (US363521)