Hello All,
We are facing weird issue rarely but it continues for few hours or a day.
Observations:
-
Issue get resolved automatically when we change iOS device network.
-
We are using sub domain for all network request on iOS/Android App, only iOS Device is logging below mentioned issue.
-
Both domain has different certificate, where we are using wildcard certificate on subdomain, (*.domain.co.nz )
-
Main domain don't have subdomain name in subject list (SAN or CN)
-
we have verified both certificate are valid and supporting TLSv1.3
Also, We have verified instruction given by apple which is also looks good: https://support.apple.com/en-us/103769
you may observer *.wordpress.com is logged in certificate chain validation But We are not calling any of the network request on *.wordpress.com Our backend server is using only NodeJs and Express.js and as mentioned by out backend team, we don't have any use of main domain/server.
Here is Xcode Error Log
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x11603ae00) s: *.wordpress.com i: Sectigo ECC Domain Validation Secure Server CA>", "<cert(0x11603b600) s: Sectigo ECC Domain Validation Secure Server CA i: USERTrust ECC Certification Authority>", "<cert(0x116043400) s: USERTrust ECC Certification Authority i: AAA Certificate Services>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://subdomain.maindomain.co.nz/vider/api/v1/users/login, NSErrorFailingURLStringKey=https://subdomain.maindomain.co.nz/vider/api/v1/users/login, NSUnderlyingError=0x301ec2cd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x3021b1360>, kCFNetworkCFStreamSSLErrorOriginalValue=-9843, kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, kCFStreamPropertySSLPeerCertificates=( "<cert(0x11603ae00) s: *.wordpress.com i: Sectigo ECC Domain Validation Secure Server CA>", "<cert(0x11603b600) s: Sectigo ECC Domain Validation Secure Server CA i: USERTrust ECC Certification Authority>", "<cert(0x116043400) s: USERTrust ECC Certification Authority i: AAA Certificate Services>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <A645226C-8FAB-4676-A1B8-36E751621C06>.<1>" ), kCFStreamErrorCodeKey=-9843, NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <A645226C-8FAB-4676-A1B8-36E751621C06>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x3021b1360>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk.})) URLSessionTask failed with error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk. "Show: Something went wrong! please try again after sometime!" "Networking error message: Optional("URLSessionTask failed with error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk.")
End of error Log,
Kindly help us. Thanks in advance.