> > >

Use TLSVerify to Test TLS Connections for Mobile Apps

Learn how to troubleshoot TLS issues and other network connectivity issues between your mobile apps and your servers. To simplify the troubleshooting process, Appdome has created TLSVerify, a dedicated debugging apps for iOS and Android to assist you in testing the TLS connections of your mobile apps. This knowledge base articles describes how to use TLSVerify to test TLS connections for mobile apps.

Prerequisites to Use TLSVerify to Test TLS Connections for Mobile Apps

The debugging app (iOS or Android, available upon request from the Appdome support team).
Mobile device (iOS or Android) with access to the tested servers.
The servers URLs which your app connects to.

How to Use Use TLSVerify to Test TLS Connections for Mobile Apps

After you received the TLSVerify from the support team, you’ll need to install in on your device.

You will receive an installation link:

Debug app download link - troubleshooting TLS issues

You can access this link in your mobile device’s browser and install the app directly on your phone (you might need to allow installation of apps from “unknown sources”).

Alternatively, you can access the link with a PC, and download the binary to sideload the app. For Android devices, you can sideload it from the Command Line Through ADB (Android debug bridge), or services like AirDroid to install the app. For iOS devices, you can sideload the debug app using MacOS.

Once you have the app ready, follow these steps:

4 Easy Steps to Use TLSVerify to Test TLS Connections for Mobile Apps

Launch the TLSVerify app
Enter the server URL that your app is connecting during its run time.
Click on the UIWebView browser
The requested browser will be opened and you will be redirected to the entered server URL

Troubleshoot TLS issues

The TLSVerify App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection. Many problems can be found when troubleshooting TLS issues. Some key examples are expired certificate, non-secure or disallowed cipher suite, old TLS version) it will alert the problem with a pop-up custom notification

For example, here is a notification about an expired certificate:
Troubleshoot TLS issues - expired certificate

5. To close the browser and return to the debug app main screen, click on Close

Using the Android Debug App to troubleshoot TLS issues

Launch the app
Enter the server URL that your app is connecting during its run time.
Click GO
You will be redirected to the entered server URL

The Secured Network Communication Debugging App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection (for example, expired certificate, not allowed cipher suite, etc) it will alert the problem with a pop-up custom notification

For example, here is a notification about an expired certificate:

5. To refresh the connection, click on GO again

Common Network Error Notifications When Testing TLS Connections

Notification	Troubleshooting
The certificate has expired	Check the expiration date of the certificates in your SSL certificates chain.
The issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete.	Verify that the identity of the Intermediate Certificate Authority (CA) certificate isn’t missing and recognized on the device.
The certificate was not found in the list of trusted certificates.	Add the relevant certificate to your SSL certificates chain.
The TLS version is not 1.2	Verify the app is using TLS 1.2 version for network communication. Appdome can assist the user to Enforce TLS Versions.
The Hostname didn’t match the hostname in the certificate	Verify the hostname in the certificate is the same host that your app tries to access.
Leaf certificate shouldn’t be CA	Change the leaf certificate in your SSL certificates chain.
Non-leaf certificate should be CA	Verify all the certificated in the certificates chain are valid. Appdome can assist the user to Enforce Certificates Roles.
Only specific cipher suites are allowed	Verify the cipher suite the connection is using was defined in the allowed cipher suites. Appdome can assist the user to Enforce TLS Cipher-Suites.
The certificate doesn’t have basic constraints	The error occurs because basicConstraints extension in one of the basic CA certificates is not set to TRUE. One of the basic CA certificates is not enabled to sign other public keys to generate client certificates.

You are welcome to contact Appdome’s support team with any questions.

Didn’t get any notification?

Great! Your network is configured and there are no connectivity problems between your mobile app and your servers.
You can now build your app with MitM Attack Protection using Appdome Trusted Session.

How Do I Learn More?

To zoom out on this topic, review our knowledge-based article on MitM Attack Protection using Appdome Trusted Session or Request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror