Learn how to troubleshoot TLS issues and other network connectivity issues between your mobile apps and your servers. To simplify the troubleshooting process, Appdome has created TLSVerify, a dedicated debugging apps for iOS and Android to assist you in testing the TLS connections of your mobile apps. This knowledge base articles describes how to use TLSVerify to test TLS connections for mobile apps.
After you received the TLSVerify from the support team, you’ll need to install in on your device.
You will receive an installation link:
You can access this link in your mobile device’s browser and install the app directly on your phone (you might need to allow installation of apps from “unknown sources”).
Alternatively, you can access the link with a PC, and download the binary to sideload the app. For Android devices, you can sideload it from the Command Line Through ADB (Android debug bridge), or services like AirDroid to install the app. For iOS devices, you can sideload the debug app using MacOS.
Once you have the app ready, follow these steps:
The TLSVerify App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection. Many problems can be found when troubleshooting TLS issues. Some key examples are expired certificate, non-secure or disallowed cipher suite, old TLS version) it will alert the problem with a pop-up custom notification
For example, here is a notification about an expired certificate:
5. To close the browser and return to the debug app main screen, click on Close
The Secured Network Communication Debugging App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection (for example, expired certificate, not allowed cipher suite, etc) it will alert the problem with a pop-up custom notification
For example, here is a notification about an expired certificate:
5. To refresh the connection, click on GO again
Notification | Troubleshooting |
---|---|
The certificate has expired | Check the expiration date of the certificates in your SSL certificates chain. |
The issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete. |
Verify that the identity of the Intermediate Certificate Authority (CA) certificate isn’t missing and recognized on the device. |
The certificate was not found in the list of trusted certificates. | Add the relevant certificate to your SSL certificates chain. |
The TLS version is not 1.2 | Verify the app is using TLS 1.2 version for network communication.
Appdome can assist the user to Enforce TLS Versions. |
The Hostname didn’t match the hostname in the certificate | Verify the hostname in the certificate is the same host that your app tries to access. |
Leaf certificate shouldn’t be CA | Change the leaf certificate in your SSL certificates chain. |
Non-leaf certificate should be CA | Verify all the certificated in the certificates chain are valid. Appdome can assist the user to Enforce Certificates Roles. |
Only specific cipher suites are allowed | Verify the cipher suite the connection is using was defined in the allowed cipher suites. Appdome can assist the user to Enforce TLS Cipher-Suites. |
The certificate doesn’t have basic constraints | The error occurs because basicConstraints extension in one of the basic CA certificates is not set to TRUE. One of the basic CA certificates is not enabled to sign other public keys to generate client certificates. |
You are welcome to contact Appdome’s support team with any questions.
Great! Your network is configured and there are no connectivity problems between your mobile app and your servers.
You can now build your app with MitM Attack Protection using Appdome Trusted Session.
To zoom out on this topic, review our knowledge-based article on MitM Attack Protection using Appdome Trusted Session or Request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.