Certificate issue with https://ppq.apple.com

Hi there,

some of our users can't verify their enterprise apps currently. Does anybody know of certificate issues with https://ppq.apple.com ? When I open https://ppq.apple.com in Safari, it redirects sometimes to https://ppq-ext.v.aaplimg.com, and then the certificate is not trusted because it doesn't match the hostname (certificate is for https://ppq.apple.com).

Some hours ago, it would't do that redirect and it was working in Safari, but now it redirects and I get the error. When doing curl https://ppq.apple.com on the command line, I don't get the redirect and the connection is working.

Cheers, Matthias

Were you able to fix this? I have some devices that have started getting the same error.

The certificate error only occurs when you use a browser to go to http://ppq.apple.com. This doesn't affect validating apps since the device always uses https instead of http. So the certificate error appears to be a red herring.

Please reproduce the issue on a device, take a sysdiagnose, and file feedback with Apple with the sysdiagnose attached.

This is not a "red herring". We are having devices fail on this as well. The failing iPads go through a 301 redirect when attempting to hit Apple’s PPQ verification site. When trying to GET from https://ppq.apple.com/v1/connect , the device is redirected to ppq-ext.v.aaplimg.com, causing verification to fail. Devices that are not failing to verify our enterprise apps are not being redirected.

Take a look at the video and information here: https://www.dropbox.com/scl/fo/0k2v4bf7851trk8yql56r/h?rlkey=h2pmax86ccokytijzojmmpn4j&dl=0

This is not a "red herring". We are having devices fail on this as well. The failing iPads go through a 301 redirect when attempting to hit Apple’s PPQ verification site. When trying to GET from https://ppq.apple.com/v1/connect , the device is redirected to ppq-ext.v.aaplimg.com, causing verification to fail. Devices that are not failing to verify our enterprise apps are not being redirected.

@andydylan we're seeing Enterprise apps failing on our devices as well (https://developer.apple.com/forums/thread/736905). Can I ask what led you to believe ppq.apple.com is the culprit? We're seeing somewhat inconsistent results on our devices, with the HTTP redirection sometimes being followed (and the TLS error popping up), and sometimes not. Also, How did you find the https://ppq.apple.com/v1/connect endpoint? Did you inspect the network trafic on device?

Thanks for you help!

Apple folks : I filled FB13517560 with a sysdiagnose of an affected device and the error reproduced, please look at it.

We are not seeing this issue anymore with devices updated to iOS 17.3+

Apple probably silently fixed the problem.

Certificate issue with https://ppq.apple.com
 
 
Q