Website "http load failed (error code -1005)" only in iOS, especially on mobile mode

Question

devheedoo OP

Created Mar ’18

Replies 4

Boosts 0

Views 7.3k

Participants 2

There are some posts related to error code -1005. But I couldn't solve my problem with them, so I wrote this.

# Error Explanation

## on "iOS + HTTPS"

After entering the website, it loads some resources for seconds, then losts connection. It happen on "iOS + HTTPS" in all browsers.

## Solved After Setting Desktop Mode

Strangely, the error disappears when changing the browser mode to "Desktop Mode". But there's no way to change user's browser mode automatically, so it's not a solution.

# Details

## Less CSS, Less Error

I tested for a while on test page. If the number of CSS files decreases, error occurs less often. But it doesn't disappear perfectly even if there's no CSS file.

## HTTP Code 200 ... Then Disappeared

On Tomcat server, log says only 200 HTTP code. There's no 404 nor other codes. And resource loading finishes irregularly.

## "http load failed (error code -1005)"

I saw the following code repeat at Console on Mac.

error 13:09:28.725842 +0900 com.apple.WebKit.Networking TIC Read Status [467:0x15f959500]: 1:57
error 13:09:28.726451 +0900 com.apple.WebKit.Networking Task <201EA34E-AC31-47EE-9AE1-53C53D420BB4>.<223> HTTP load failed (error code: -1005 [1:57])
error 13:09:28.727700 +0900 com.apple.WebKit.Networking Task <201EA34E-AC31-47EE-9AE1-53C53D420BB4>.<223> finished with error - code: -1005

## SSL Chain Uninvolved

Digicert, CA of my website, says the SSL certificate isn't installed normally. Its chain is not registered.

## Another Website Works Well on Same Server

Strangely again, there is another website which uses the same SSL certificate and Tomcat server. But there is no error on it.

# Development Environment

## Tomcat, Spring

single Tomcat server without Apache server, and Spring

## Web Firewall With Basic Mode

A web firewall operates at my clients' side. They said there's no special policies on it.

Boost

Answer 1

Crudebyte OP

Mar ’18

You should probably start by checking whether your server side SSL certificate configuration is valid. For instance you said that you are hosting "another website" on the server with the "same SSL certificate". Your CA provides you a certificate signed for one specific domain and a specific set of subdomains of that domain. So when you try to use that SSL certificate for a wrong domain or subdomain, any SSL client will at least show a warning to the user, and most SSL clients nowadays would immediately stop communication with the server at that point, since it means the server is not trustworthy.

Then you should also configure your server to automatically provide "intermediate" SSL certificates if necessary. Usually CAs store the private keys of their most important SSL certificates (i.e. their root certificates) offline at a safe place. For their actual work they are doing, they create subcertificates called "intermediate" certificates. The latter are signed by their top most (i.e. root) certificate and then they are using those intermediate certificates to actually sign your certificate(s). This way a chain of trust is created. But that also means, any SSL clients needs to have access to all certificates in the chain. Ask your CA for the precise intermediate certificates you need for your certificate, then add them to your web server appropriately.

1

Answer 2

devheedoo OP

Mar ’18

Thank you for your kind answer. Sorry for my short question.

1.

Thanks for careful concern. I should have described it in more detail.

They are 'www.domain.com' and 'subdomain.domain.com'. They had used the same SSL certificate normally for 2 years.

The error occurs before a month ago. At that time the web firewall had updates, SSL certificate updates. And website's code had changed for 2 years. So I couldn't be sure what causes the error.

2.

I am getting in touch with the person concerned with certificate. At first contact, he said there would be mistakes of applying certificate on web firewall.

But the strange thing is that the SSL certificate they're using is checked as "The server is not sending the required intermediate certificate.". Only one has the error, but another doesn't. The administrator of web firewall says the cause of the error should be in my website code...

+

The most interesting thing of the error for me is that it disappears when changing the mode of browser to desktop mode, including Safari, Chrome, Firefox. So I doubt iOS a little. How could I get some information about it?

0

Answer 3

Crudebyte OP

Mar ’18

This issue is probably not related to your firewall at all. You should really check the two possibilites mentioned before. Simply connect with a regular web browser on your Mac/PC with the affected website, then from your web browser view the details of the SSL certificate, which will reveal all required information like for which subdomain(s) the certificate is valid for, and on top of the certificate's details dialog you usually see a tree with all certificates involved (the chain of trust), starting with the respective root CA certificate on the very top, then the required intermediate certificates, and on lowest level your own website certificate.

Then download the required intermediate certificate(s) from your CA's website onto your web server, ask your CA on doubt where you get them, then configure your server to offer the intermediate certificate(s) to clients as well. If you don't know how to do the latter: some people make their life easy by simply appending the intermediate certificate(s) to their certificate file (to the end of your certificate file). So that way your server would automatically send your certificate along with the required intermediate certificate(s).

1

Answer 4

devheedoo OP

Mar ’18

Thank you for your answer.

Now, the error in iOS is clear. The cause was from the web firewall program. According to the person concerned, the policy of "multiple method" caused the iOS problem. After turning off the policy, error was gone.

But the certificate issue remains. We are contacting with web firewall company and certificate company. It's ongoing. Thank you.

0