Troubleshooting Secure Network Communication

This Knowledge Base article describes how to troubleshoot network connectivity problems between your mobile apps and your servers.

To simplify the troubleshooting process, Appdome has created dedicated debugging apps for iOS and Android, to assist you in testing the network connections. The apps can be made available upon request from Appdome support.

These debugging apps are manually integrated with Appdome’s Trusted Session mechanism and inspect the user secured network connections.

Prerequisites for using Secure Network Communication Debug App

  • The debugging app (iOS or Android, available upon request from the Appdome support team).
  • Mobile device (iOS or Android) with access to the tested servers.
  • The servers URLs which your app connects to.

How to Use the Secure Network Communication Debug App

After you received the Secured Network Communication Debugging App from the support team, you’ll need to install in on your device.

You will receive an installation link:

Debug app download link

You can access this link in your mobile device’s browser and install the app directly on your phone (you might need to allow installation of apps from “unknown sources”).

Alternatively, you can access the link with a PC, and download the binary to sideload the app. For Android devices, you can sideload it from the Command Line Through ADB (Android debug bridge), or services like AirDroid to install the app. For iOS devices, you can sideload the debug app using MacOS.

Once you have the app ready, follow these steps:

iOS Debug App

  1. Launch the app
  2. Enter the server URL that your app is connecting during its run time.
  3. Click on the UIWebView browser
  4. The requested browser will be opened and you will be redirected to the entered server URL

The Secured Network Communication Debugging App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection (for example, expired certificate, not allowed cipher suite, etc) it will alert the problem with a pop-up custom notification

For example, here is a notification about an expired certificate:

5.  To close the browser and return to the debug app main screen, click on Close

Android Debug App

  1. Launch the app
  2. Enter the server URL that your app is connecting during its run time.
  3. Click GO
  4. You will be redirected to the entered server URL

The Secured Network Communication Debugging App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection (for example, expired certificate, not allowed cipher suite, etc) it will alert the problem with a pop-up custom notification

For example, here is a notification about an expired certificate:

5.  To refresh the connection, click on GO again

Common Network Error Notifications

Notification Troubleshooting
The certificate has expired Check the expiration date of the certificates in your SSL certificates chain.
The issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
Verify that the identity of the Intermediate Certificate Authority (CA) certificate isn’t missing and recognized on the device.
The certificate was not found in the list of trusted certificates. Add the relevant certificate to your SSL certificates chain.
The TLS version is not 1.2 Verify the app is using TLS 1.2 version for network communication.

Appdome can assist the user to Enforce TLS Versions.

The Hostname didn’t match the hostname in the certificate Verify the hostname in the certificate is the same host that your app tries to access.
Leaf certificate shouldn’t be CA Change the leaf certificate in your SSL certificates chain.
Non-leaf certificate should be CA Verify all the certificated in the certificates chain are valid.
Appdome can assist the user to Enforce Certificates Roles.
Only specific cipher suites are allowed Verify the cipher suite the connection is using was defined in the allowed cipher suites.
Appdome can assist the user to Enforce TLS Cipher-Suites.
The certificate doesn’t have basic constraints The error occurs because basicConstraints extension in one of the basic CA certificates is not set to TRUE.
One of the basic CA certificates is not enabled to sign other public keys to generate client certificates.

You are welcome to contact Appdome’s support team with any questions.

Didn’t get any notification?

Great! Your network is configured and there are no connectivity problems between your mobile app and your servers.
You can now build your app with MitM Attack Protection using Appdome Trusted Session.

How Do I Learn More?

To zoom out on this topic, review our knowledge-based article on MitM Attack Protection using Appdome Trusted Session or Request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.  

Liron Dror

Have a question?

Ask an expert

EvgenyuMaking your security project a success!