Mobile app is not getting decrypted
Symptom
Resolution
For added security, some application developers pin the server certificate, including its public key, in the application.
When a client initiates an SSL session to the server, the server sends its certificate, including the public key. The client (the mobile device) then compares the received certificate with the certificate built into (pinned in) the mobile app, and the two must match.
In a simple iOS application, messages can only be encrypted and decrypted with the predefined certificate that was pinned at development time.
When SSL forward proxy is enabled, the firewall acts as a man-in-the-middle and presents its own certificate, which the application does not accept. To prevent connectivity issues, these types of pinned-certificate sessions will bypass SSL decryption.
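The comparison described above can be modelled in a few lines. This is an added example, not code from the original article or from any vendor: the `Cert` class is a simplified stand-in for an X.509 certificate, the host, issuer names and key bytes are constructed, and the pin is assumed to be a SHA-256 hash of the public key. It shows that the session fails under decryption even when the firewall's CA is trusted on the device.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for an X.509 certificate (not a real parser)."""
    subject: str
    issuer: str
    public_key: bytes  # stands in for the DER-encoded public key


def fingerprint(cert):
    """SHA-256 of the public key, the value the app stores as its pin."""
    return hashlib.sha256(cert.public_key).hexdigest()


def chain_trusted(cert, trusted_issuers):
    """Ordinary validation: is the issuer in the device trust store?"""
    return cert.issuer in trusted_issuers


def pin_matches(cert, pinned):
    """Pinning: the presented key must equal the one built into the app."""
    return hmac.compare_digest(fingerprint(cert), pinned)


def app_accepts(cert, trusted_issuers, pinned):
    return chain_trusted(cert, trusted_issuers) and pin_matches(cert, pinned)


# Constructed sample data (hypothetical host, issuers and keys).
ORIGIN = Cert("api.example.com", "Public CA", b"origin-server-public-key")
# Forward proxy: same subject, but issued by the firewall with a different key.
PROXIED = Cert("api.example.com", "Firewall CA", b"firewall-generated-key")
PINNED = fingerprint(ORIGIN)                 # embedded at development time
DEVICE_TRUST = {"Public CA", "Firewall CA"}  # firewall CA installed on device


def demo():
    return {
        "direct": app_accepts(ORIGIN, DEVICE_TRUST, PINNED),
        "decrypted": app_accepts(PROXIED, DEVICE_TRUST, PINNED),
        "decrypted_chain_only": chain_trusted(PROXIED, DEVICE_TRUST),
    }


if __name__ == "__main__":
    print(demo())
```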