Mobile app is not getting decrypted


Created On 09/25/18 19:48 PM - Last Modified 06/13/23 13:40 PM


Symptom



  • Decryption is enabled for all the traffic.
  • All traffic shows as decrypted except for the mobile application (iOS and Android), which shows as not decrypted on the firewall.
  • All other traffic is getting decrypted.

 

Diagnosis

This is possibly expected behaviour.



Resolution


For added security, some application developers pin the server certificate, along with its public key, in the application.
When a client initiates an SSL session to the server, the server sends its certificate, including the public key. The client (the mobile device) then compares the received certificate with the inbuilt / pinned certificate in the mobile app, and they should match.
In a simple iOS application, messages can only be encrypted / decrypted with the predefined certificate pinned at development time.

 


 

When we enable SSL forward proxy, the firewall acts as a man in the middle and presents its own certificate to the client, which the application does not accept because it does not match the pinned certificate. To prevent connectivity issues, these types of pinned certificate sessions will bypass SSL decryption.
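The pin comparison described above, as an added example that is not part of the original article or any vendor code. It assumes the app pins a SHA-256 hash of the certificate's SubjectPublicKeyInfo; the certificates, issuer names, keys and host name are constructed stand-ins.

```python
import base64
import hashlib
import hmac

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes carry the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_pin(cert_der):
    """Base64 SHA-256 over the certificate's SubjectPublicKeyInfo element."""
    _, pos, _ = read_tlv(cert_der, 0)    # Certificate
    _, pos, _ = read_tlv(cert_der, pos)  # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _ in range(5):  # serial, signature algorithm, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)  # subjectPublicKeyInfo
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def app_accepts(cert_der, pinned):
    """The app's pin check: the presented key must match a pin shipped in the app."""
    presented = spki_pin(cert_der)
    return any(hmac.compare_digest(presented, p) for p in pinned)

def der(tag, body):
    # Short-form length only; the constructed samples stay under 128 bytes.
    return bytes([tag, len(body)]) + body

def sample_cert(issuer, key):
    """Constructed stand-in with X.509 field order; unsigned, not a real certificate."""
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") + der(0x30, der(0x0C, issuer)) + der(0x30, b"")
              + der(0x30, der(0x0C, b"api.example.test")) + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

ORIGIN = sample_cert(b"Public CA", b"server-key")  # sent by the real server
PROXIED = sample_cert(b"Firewall Forward Trust CA", b"firewall-key")  # re-issued by the firewall
PINNED = {spki_pin(ORIGIN)}  # embedded in the app at development time

if __name__ == "__main__":
    print("direct:", app_accepts(ORIGIN, PINNED))              # True
    print("via forward proxy:", app_accepts(PROXIED, PINNED))  # False
```

`spki_pin` also accepts a real certificate in DER form, for example the output of `ssl.PEM_cert_to_DER_cert`, which lets you compare what a server sends directly with what a client receives behind the firewall.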

 


