[SSL Pinning Plugin] Mobile app not working after adding SSL pinning

Forge Component
Published on 2 Sep by OutSystems R&D

Hi,


We are building a mobile app (iOS and Android) using OutSystems and have been asked by our security team to implement SSL pinning for added security. We have used the SSL Pinning Forge component for this. However, while testing we see that the app does not work on the corporate network (with a proxy), but when used on an external network or the Internet there are no issues. Has anybody encountered a similar problem with SSL pinning?


Any kind of help will be greatly appreciated. Thanks

Ravi


Hello Ravi.

When connecting through the internal network, the certificate that the server/proxy provides might not be the same as the one provided when there's an external connection.

Thanks

Hi! I'm having the issue, but the opposite: it works on the intranet but not on the internet/extranet.

Did you configure something on the proxy? Do you use reverse proxy?

Hi Ravi,

If the mobile app persists in showing only the Reload screen, then this is the root cause, which I too faced yesterday.

If your default OS Cloud server certificate is outsystemsenterprise.com, then here's something to worry about and update to resolve it:

https://success.outsystems.com/Support/Security/OutSystems_cloud_certificate_change_-_September%2F%2FOctober_2020


I am using SSL Pinning plugin on my mobile apps. Do I need to do anything?

As long as you are pinning your mobile applications to your own certificate, this operation won't impact your mobile apps.

However, if you are pinning your mobile apps on the outsystemsenterprise.com certificate, this rotation will cause your applications to stop connecting to the OutSystems Cloud environment.

If you're already using the outsystemsenterprise.com certificate for SSL Pinning:

  • To avoid any downtime, take this opportunity to use your own certificate, for which you have the certificate keys, and use your certificate fingerprint on your mobile apps.
  • In the transition process it's possible to add the following fingerprint that represents the certificate that will be installed in late September/early October 2020 to the SSL Pinning component. Fingerprint: U6vSutzZQ4RuSJwV2i0vUO6qtGcX5vGltvpGnNd5BEg=
  • Make sure to plan and switch to use your own SSL certificate for SSL Pinning.

Please beware that OutSystems will no longer provide the outsystemsenterprise.com certificate fingerprint in advance for future certificate changes. For this reason, the outsystemsenterprise.com should never be used for SSL Pinning.

Note that you should keep the current fingerprint and add the new one so that your app continues to function as expected before and after the certificate renewal. For more information on how to add a new fingerprint to your SSL Pinning component, please visit the component's official documentation here.

Hope it helps,
Assif
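
An added example, not part of the thread or of the plugin's code: it shows why a different certificate on the corporate network fails the pin check and why keeping both the current and the new fingerprint covers a renewal. It assumes the fingerprint is the base64 SHA-256 of the certificate's SubjectPublicKeyInfo (the 44-character form of the value quoted above); `fake_cert`, `CERTS` and `check_all` are hypothetical names, and the certificates are constructed, unsigned samples.

```python
import base64, hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                        # short-form length
        start, length = pos + 2, first
    else:                                   # long-form: next n bytes hold the length
        start = pos + 2 + (first & 0x7F)
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER-encoded X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)       # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)     # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _field in range(5):                 # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    end = read_tlv(cert_der, pos)[2]        # subjectPublicKeyInfo, hashed with its header
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def tlv(tag, body):                         # sample builder, short lengths only
    return bytes([tag, len(body)]) + body

def fake_cert(serial, key):
    """Constructed, unsigned stand-in with the field layout of a real certificate."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
           + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

# Constructed scenarios: same key re-issued, rotated key, TLS-inspecting proxy.
CERTS = {
    "current": fake_cert(1, b"A" * 32),
    "renewed_same_key": fake_cert(2, b"A" * 32),
    "rotated_key": fake_cert(3, b"B" * 32),
    "corporate_proxy": fake_cert(4, b"P" * 32),
}

def check_all(pins):
    """Which presented certificates an app shipping `pins` would accept."""
    return {name: spki_pin(der) in pins for name, der in CERTS.items()}

if __name__ == "__main__":
    both = {spki_pin(CERTS["current"]), spki_pin(CERTS["rotated_key"])}
    print(check_all(both))
```

A certificate re-issued with the same key keeps its pin, a rotated key is accepted only if its pin was shipped in advance, and the proxy's certificate never matches.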