You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: Learn what to do about various problems using SSL certificates with the MSAL.Objective-C library.
4
+
description: Learn what to do about various problems using TLS/SSL certificates with the MSAL.Objective-C library.
5
5
services: active-directory
6
6
documentationcenter: ''
7
7
author: mmacy
@@ -20,23 +20,23 @@ ms.reviewer: ''
20
20
ms.custom: aaddev
21
21
---
22
22
23
-
# How to: Troubleshoot MSAL for iOS and macOS SSL issues
23
+
# How to: Troubleshoot MSAL for iOS and macOS TLS/SSL issues
24
24
25
25
This article provides information to help you troubleshoot issues that you may come across while using the [Microsoft Authentication Library (MSAL) for iOS and macOS](reference-v2-libraries.md)
26
26
27
27
## Network issues
28
28
29
29
**Error -1200**: "An SSL error has occurred and a secure connection to the server can't be made."
30
30
31
-
This error means that the connection isn't secure. It occurs when a certificate is invalid. For more information, including which server is failing the SSL check, refer to `NSURLErrorFailingURLErrorKey` in the `userInfo` dictionary of the error object.
31
+
This error means that the connection isn't secure. It occurs when a certificate is invalid. For more information, including which server is failing the TLS check, refer to `NSURLErrorFailingURLErrorKey` in the `userInfo` dictionary of the error object.
32
32
33
33
This error is from Apple's networking library. A full list of NSURL error codes is in NSURLError.h in the macOS and iOS SDKs. For more details about this error, see [URL Loading System Error Codes](https://developer.apple.com/documentation/foundation/1508628-url_loading_system_error_codes?language=objc).
34
34
35
35
## Certificate issues
36
36
37
-
If the URL providing an invalid certificate connects to the server that you intend to use as part of the authentication flow, a good start to diagnosing the problem is to test the URL with a SSL validation service such as [Qualys SSL Labs Analyzer](https://www.ssllabs.com/ssltest/analyze.html). It tests the server against a wide array of scenarios and browsers and checks for many known vulnerabilities.
37
+
If the URL providing an invalid certificate connects to the server that you intend to use as part of the authentication flow, a good start to diagnosing the problem is to test the URL with an SSL validation service such as [SSL Server Test](https://www.ssllabs.com/ssltest/analyze.html). It tests the server against a wide array of scenarios and browsers and checks for many known vulnerabilities.
38
38
39
-
By default, Apple's new [App Transport Security (ATS)](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35) feature applies more stringent security policies to apps that use SSL certificates. Some operating systems and web browsers have started enforcing some of these policies by default. For security reasons, we recommend you not disable ATS.
39
+
By default, Apple's new [App Transport Security (ATS)](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35) feature applies more stringent security policies to apps that use TLS/SSL certificates. Some operating systems and web browsers have started enforcing some of these policies by default. For security reasons, we recommend you not disable ATS.
40
40
41
41
Certificates using SHA-1 hashes have known vulnerabilities. Most modern web browsers don't allow certificates with SHA-1 hashes.
0 commit comments