WoSign free SSL certificate helps you cope with ATS security standard of Apple
2016-07-12Apple announced that every App submitted to App Store must enable ATS security standard (App Transport Security) and use HTTPS encryption link from January 1st 2017. By that time, App that doesn’t enable ATS may be banned. It is worth noting that Apple also announced ATS supports CT and developers should use SSL certificate that supports CT.
In order to achieve better security of IOS App and ensure the App will appear in the market, developers should use HTTPS certificates that suit the ATS requirement for the App server. The free SSL certificate of WoSign, which meets the requirement of Apple ATS and supports Google CT, can help developers easily cope with the recent security standards.
Requirements of Apple ATS upon HTTPS certificate
The following standards must be met to enable ATS. HTTPS certificate that doesn’t meet the condition will be rejected be connect by ATS:
·All links of server should use the version of TLS 1.2 or above
·HTTPS certificates must use Hash algorithm of SHA256 or above to sign
·HTTPS certificates must use public key algorithm of RSA 2048, ECC 256 or above
·Forward encryption technology should be used
In addition, Apple ATS supports CT and developers should use SSL certificate that supports CT to ensure the legality and transparency as well as avoid to be attacked by middleman.
Forcible implementation of ATS security standard and CT has reflected the consistent attitude of Apple towards security protection. IOS developers must upgrade the server in accordance with Apple standards so that the App can be released normally. How to quickly upgrade the App to meet the requirements of ATS and reduce the cost of HTTPS certificate at the same time as well as what is the correct configuration of HTTPS have become the most concerned questions of developers.
Apply for WoSign free SSL certificate to cope with ATS standard easily
Ever since being released in 2015, WoSign free SSL certificates have been widely commented. The free certificate not only meets the standards of Apple ATS but also support Google CT and all the mobile terminals of Apple. Users can handle the latest security standards at zero cost.
·Meet the requirement of Apple ATS, free upgrade to HTTPS
WoSign free SSL certificate supports SHA256 signature algorithm, RSA 2048 and ECC 256 public key algorithm, which meet the requirements of AST and can help IOS developers enable HTTPS encrypted link at zero cost.
·First free SSL certificate that completely supports CT worldwide
WoSign is the first one in the globe to introduce free SSL certificate that completely supports certificate transparency. Every issued free SSL certificate has built-in SCT data, which means the certificate has been submitted to qualified CT Log server.
·Exclusive certificate in China supports all mobile terminals of Apple (iPhone, iPad)
Are you worried about the compatibility of free SSL certificate? WoSign CA has passed the certification of Apple with our root certificate preset in all browsers and mobile terminals of Apple.
·Completely free, support multi-domains in multi-years
WoSign free SSL certificates support 5 domains and valid period of 2 years, satisfying the basic needs of developers. Neither the application, issuance nor revocation of the certificate is charged.
·24/7 advisory response
WoSign customer service and technical support team provide 24/7 advisory response services, helping you upgrade to ATS standards.
Correctly enable HTTPS link, prevent middleman attack
WoSign CA holds the opinion that except for satisfying Apple ATS, better App security can be achieved by correct configuration of HTTPS link. WoSign CA has tested some of the HTTPS links of domestic pop App. It turned out that 98% of the pages presented to use HTTPS links didn’t verify certificate chain or issuer. They even did not verify whether the certificate domain was matched. It is very possible to be attacked by hackers using false server. The illustration below shows that mobile App of some online retailers has completed SSL handshake with false server.
WoSign CA suggests IOS developers to pay attention to the following points when deploy HTTPS link:
·Apply SSL certificate that meets the requirement of ATS from qualified CA (like WoSign)
·Verify certificate chain
·Verify certificate issuer
·Verify whether the certificate domain matches
If you have questions about how to correctly enable HTTPS links, you can come to WoSign CA, who will provide professional technical consultation and help users to deploy HTTPS certificate in a more secure way.
About WoSign
WoSign (www.wosign.com) is the largest Chinese independent CA brand that has passed the international certification of WebTrust and gained the permit of the Ministry of Industry and Information Technology. According to Netcraft, WoSign ranks the first in the SSL certificate market share in China. One third of domestic users choose WoSign.
In July 2016, WoSign takes the lead in upgrading all SSL certificates (including free SSL certificates) to support certificate transparency, which means every certificate issued by WoSign will accept the supervision of global users.
Article source: WoSign CA