Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 32 subscribers
  • Views 16251 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Https Scanning and iOS App Store

Roger

Hello

I just turned on the https scanning and decrypt. After installing the network agent and importing the certificate internet browsing and the apps I tested worked fine. But what is not working is the connection to the apple App Store. The connection is blocked. Can any one tell me how I can fix that?

Thanks

Roger



This thread was automatically locked due to age.
Parents
  • 0

    I would hazard a guess that the Appstore is using certificate pinning like any good application will. There is no way to prevent this without making an exception. You cannot override the certificate pinning for build-in IOS apps to prevent malicious actors from doing exactly what you are doing - MITM.

    The same goes for Microsoft/Google Apps and Websites. You are not running into an issue on desktop computers because they only enforce certificate pinning for publicly trusted roots and not privately trusted roots. This is why superfish, etc was such a big deal. Pretty soon most decent browsers and apps will force certificate pinning regardless of trust store used.

Reply
  • 0

    I would hazard a guess that the Appstore is using certificate pinning like any good application will. There is no way to prevent this without making an exception. You cannot override the certificate pinning for build-in IOS apps to prevent malicious actors from doing exactly what you are doing - MITM.

    The same goes for Microsoft/Google Apps and Websites. You are not running into an issue on desktop computers because they only enforce certificate pinning for publicly trusted roots and not privately trusted roots. This is why superfish, etc was such a big deal. Pretty soon most decent browsers and apps will force certificate pinning regardless of trust store used.

Children
No Data