The tests in the WebApi Test Tool are successful, but the Mobile App login is not possible.
In most cases, the cause of the behaviour is that the customer is using a sub-sub-domain and the certificate is therefore considered invalid for the Android / IOS.
In the following example we work with the "example.com" domain, which has a wildcard certificate and thus allows any subdomains.
Thus, the following examples would be valid (one level of subdomains = subdomain):
Now, however, the customer may want to go one level further with the subdomains, e.g.:
In most browsers, the certificate for "*.example.com" is still recognised as valid, so the WebApi test would pass.
IOS and Android work more strictly at this point. They only accept one level of the subdomain for wildcard certificates.
Thus, the sub-sub-domain " xphone.connect.example.com" would be invalid for the mobile devices and it is not possible to log in to the mobile app.
The certificate is issued for the full domain "xphone.connect.example.com".
A new wildcard certificate is created, where the URL falls into the first level subdomain part (e.g. wildcard certificate = *.connect.example.com).
You adjust the customer's A-Record entry and, if possible, change the dots to hyphens (e.g. xphone-connect.example.com).
Note: By changing the dots to hyphens, the part "xphone-connect" becomes a subdomain which is covered by the wildcard certificate "*.example.com" again.
Article is closed for comments.