Zscaler proxy + iOS Simulator + iOS Development (failing to connect to server ip)

Hello,

I am a developer on a machine that utilizes zscaler proxy. The ios simulator has had a fair share of problems using this proxy. Our custom react native application fails to connect to a test server via ios simulator. I have narrowed this down to the proxy replacing the certificate and failing my connection request via the app.

I have installed the root CA zscaler cert on the ios simulator and that allowed me to access the server url via safari. However, I’m unsure of the ios app configuration to allow the app to connect. I have seen a couple places say to add NSExceptionDomains but that doesn’t seem to resolve the issue.

So my question now - how do I configure my info.plist (or some other config?) so that I can allow the cert replacement while using the ios simulator?

Hi @legacydev,

Proxy over iOS devices are quite tricky; as almost all apps are developped using Cert Pining, applying a proxy and SSL inspection often result to all apps failing to works.

1st, I would suggest to check with your company’s Zscaler admin if all default bypasses are applied :

For instance, iOS requieres SSL bypasses at minimum for :

Best would maybe to try first completely disabling SSL inspection for your testing device, and then identify which URL is causing the issue (see About SSL Inspection | Zscaler).

Another thing you should also check is if the remote ressource (your test web server) is reachable though Zscaler using a Windows or Mac OS device (depending on which kind of OS your company is running with).

Cheers,
Vincent.

1 Like

Thanks! Thats a big help for where to start. I’ve reach out and will update once I get further!

So after a couple weeks of addition troubleshooting - turns out that itunes.apple.com was blocked.

  • Step 1: install zscaler root CA on simulators (both android and iOS) by exporting it from the keychain and dropping on each simulator
  • Step 2: Make sure IT did not block itunes.apple.com

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.