Layer7 API Management

Expand all | Collapse all

MAG: IOS Client Certificate Renewal

  • 1.  MAG: IOS Client Certificate Renewal

    Posted 08-20-2020 02:00 AM
    Does anyone recognize this behavior? If so, how did you solve it?

    We are in the end state of the implementation of MAG 4.2.
    But we do have some issues now in the client certificate renewal process for iOS devices. However, the same process works fine with Android.

    The MAG SDK automatically(OOTB) triggers the certificate renewal process after receiving the MAG error code "206" as a response for any API calls.
    The renewal process is triggered by calling the renewal endpoint.
    The HTTP Response of the renewal endpoint has a Content type set to text/plain

    The issue seems to be that the Client certificate is not getting renewed in iOS applications because the MAG SDK does not accept the content type text/plain for this process. 

    When the SDK triggers an certfificate renewal on the device we believe that in the code the request and responsetype is set to JSON.
    But because MAG returns a base64 (text/plain) encoded certificate the SDK fails on this call, when the response is parsed to JSON....

    So, does anyone had the same problem? Or are we the first who are running into this issue when executing the renewal process for iOS devices. The question is, wether it is mis-configuration on our side or a bug ...



    ------------------------------
    Infra Domain Architect
    Achmea IT
    Netherlands
    ------------------------------


  • 2.  RE: MAG: IOS Client Certificate Renewal

    Posted 02-12-2021 02:35 PM
    Hi,

    I have encountered the exact same problem. Did anyone find a workaround?


  • 3.  RE: MAG: IOS Client Certificate Renewal

    Posted 03-04-2021 12:16 PM
    Hi Rafael,

    I'm working at the same company as Gerfof. In the end we received a patched version of the SDK, which will be general avaiable in the future. There's no known work around.

    Kind regards,
    Mark