Certificate issue with https://ppq.apple.com

Hi there,

some of our users can't verify their enterprise apps currently. Does anybody know of certificate issues with https://ppq.apple.com ? When I open https://ppq.apple.com in Safari, it redirects sometimes to https://ppq-ext.v.aaplimg.com, and then the certificate is not trusted because it doesn't match the hostname (certificate is for https://ppq.apple.com).

Some hours ago, it would't do that redirect and it was working in Safari, but now it redirects and I get the error. When doing curl https://ppq.apple.com on the command line, I don't get the redirect and the connection is working.

Cheers, Matthias

Post not yet marked as solved Up vote post of fuellerm Down vote post of fuellerm
1k views
Posted by
fuellerm
Reply
Add a Comment

Replies

Were you able to fix this? I have some devices that have started getting the same error.

Posted by
Scotch37
Up vote reply of Scotch37 Down vote reply of Scotch37
Add a Comment

The certificate error only occurs when you use a browser to go to http://ppq.apple.com. This doesn't affect validating apps since the device always uses https instead of http. So the certificate error appears to be a red herring.

Please reproduce the issue on a device, take a sysdiagnose, and file feedback with Apple with the sysdiagnose attached.

Posted by
Systems Engineer
Up vote reply of Systems Engineer Down vote reply of Systems Engineer
Add a Comment

This is not a "red herring". We are having devices fail on this as well. The failing iPads go through a 301 redirect when attempting to hit Apple’s PPQ verification site. When trying to GET from https://ppq.apple.com/v1/connect , the device is redirected to ppq-ext.v.aaplimg.com, causing verification to fail. Devices that are not failing to verify our enterprise apps are not being redirected.

Take a look at the video and information here: https://www.dropbox.com/scl/fo/0k2v4bf7851trk8yql56r/h?rlkey=h2pmax86ccokytijzojmmpn4j&dl=0

Posted by
andydylan
Up vote reply of andydylan Down vote reply of andydylan
Add a Comment

This is not a "red herring". We are having devices fail on this as well. The failing iPads go through a 301 redirect when attempting to hit Apple’s PPQ verification site. When trying to GET from https://ppq.apple.com/v1/connect , the device is redirected to ppq-ext.v.aaplimg.com, causing verification to fail. Devices that are not failing to verify our enterprise apps are not being redirected.

ppqfail.txt

ppqconnect.txt
Posted by
andydylan
Up vote reply of andydylan Down vote reply of andydylan
Add a Comment

@andydylan we're seeing Enterprise apps failing on our devices as well (https://developer.apple.com/forums/thread/736905). Can I ask what led you to believe ppq.apple.com is the culprit? We're seeing somewhat inconsistent results on our devices, with the HTTP redirection sometimes being followed (and the TLS error popping up), and sometimes not. Also, How did you find the https://ppq.apple.com/v1/connect endpoint? Did you inspect the network trafic on device?

Thanks for you help!

Apple folks : I filled FB13517560 with a sysdiagnose of an affected device and the error reproduced, please look at it.

Posted by
guillaumea
Up vote reply of guillaumea Down vote reply of guillaumea
Add a Comment

We are not seeing this issue anymore with devices updated to iOS 17.3+

Apple probably silently fixed the problem.

Posted by
guillaumea
Up vote reply of guillaumea Down vote reply of guillaumea
Add a Comment