Sehr geehrter Herr NicolasK,

 

ich habe das selbe Problem. Allerdings weis ich auch was das Problem an der ganzen Sache ist. Denn mit dem neuen Software Update (IOS 13 Beta 1&2 bis jetzt) vertraut Apple gewissen SLL Zertifikaten nicht mehr (welche genau müssten Sie nachschauen). Durch dies wird das Anzeigen von Zugverbindungen in der App unmöglich, da die App keine Verbindung zum Server aufbauen kann.

Bitte lösen Sie dieses Problem so schnell wie möglich, da ich stark auf die App angewiesen bin..

 

Mit Freundlichen Grüssen,

Xeno Wyss

@WyssX 
SLL Problem beschreibung:

"The problem might originate from server cert used by SBB if it is signed with SHA-1.

SHA-1 has been considered insecure since at least 2005 and Apple does not trust such certificates anymore with iOS 13 / macOS 10.15 (https://support.apple.com/en-us/HT210176)"

SBB is pinning a CA thats not trusted otherwise by Apple in their App. If you manually add SBB's CA to your iOS devices trust store the app will continue to work.

Note 1: You must also consider, that adding this CA to your device will whiteliste all servers signed by SBB for all communication originating from your device.

Note 2: Pinning an otherwise not trusted CA is by no means bad practice on SBB's side. If our (entire internet) current system with hundreds of CA is trustworthy or not is beeing debated for a long time. SBB limits the attack space by pinning a Single CA. As long as they keep the private key of this particular CA safe they have a secure implementation.

How do you proceed to this ? 

Installing Custom CAs is described at many locations on the internet. eg:

https://support.securly.com/hc/en-us/articles/206978437-How-to-deploy-Securly-SSL-certificate-to-iOS...

Now to the question about obtaining the CA certificate: you can obtain it from SBBs server using OpenSSL CLI:

s_client -showcerts -connect p1.sbbmobile.ch:443

If this info is not sufficient you are not a developer and should not be in possession of a closed beta.

I am maybe not as much at ease than you in SSL certification and I maybe only Ron beta on my secondary device for a reason...

I asked for hero, is it possible for you to explain to me how to do it woithput me getting in trouble by you

do I have to do it via the dereloper website ?

via keychain access on Mac?

any other suggestions ? 

thank you very much for helping out,

best regards ++

---

@jankais3r wrote:

I wrote a quick tutorial here: https://github.com/jankais3r/SBB-XVA-1200

---

i downloaded the certificate file from your GitHub, it creates the certificate on my mac, installed it on iPhone X iOS 13 beta 2; trusted the certificate but it doesn't work, unfortunately!

You did something wrong. Read the tutorial again and follow all steps. The certificate has to be installed and then trusted in the trust store settings. The process works when followed correctly.

---

@jankais3r wrote:

You did something wrong. Read the tutorial again and follow all steps. The certificate has to be installed and then trusted in the trust store settings. The process works when followed correctly.

---

Now it worked; the missing step is/was that it first creates a profile which is to be installed and then trust the certificate 🙂

Thanks a lot

@everbrave happy to hear! happy train rides 😉

---

@jankais3r wrote:
@everbrave happy to hear! happy train rides 😉

---

Thanks a lot; may be you want to mention this profile step (before the certificate) in the installation guide 😉

 

The step was already in the tutorial, but I expanded on it to make it more clear. Thanks

@jankais3r amazing, I don't know how I can thank you

I don't know how to thank you 

thank you soo much for your help and if I can give more than kudos I would ahhah

best regards and safe travels

 

 

Hello @WyssX 

Thank you for your request.

Currently, iOS13 only exists in beta version.

As a result, bugs can indeed be found. As soon as the operating system is verified and officially launched, our SBB Mobile application will work without any problems.

We thank you for your patience and wish you a nice afternoon.

Best regards,
JulieL