TLS handshake failure when logging into an Org on Hyperforce using Certificate-Based Authentication on iOS devices

Veröffentlichungsdatum: Feb 10, 2026

Beschreibung

When logging into an organization on Hyperforce using certificate-based authentication on iOS devices, the following error may occur:

'This website requires a certificate. The required certificate is not installed.'

Our investigation has confirmed that the cause of this issue is related to the limitations of iOS certificate validation, which became apparent after migrating to Hyperforce.

This behavior occurs on iOS devices after the Hyperforce migration and does not occur on Windows or Android devices.

iOS filters out client certificates which are not directly issued by one of the certificate authorities presented in the Acceptable client certificates list by the server during the TLS handshake.

iOS only matches certificates whose direct issuer is included in the CA list sent by the server. It does not traverse the chain up to the root CA.

This issue is caused by the behavior of the iOS TLS stack. Salesforce complies with appropriate standards.

Lösung

As a mitigation for this behavior, it is recommended to use the Salesforce Edge Network.

First Party instance and Edge Network do not send a CA list during the TLS handshake, so iOS display all installed client certificates as options.

The Salesforce network (1P, Edge Network, Hyperforce) all comply with appropriate standards.

Nummer des Knowledge-Artikels

005314064

Konnten Sie Ihr Problem mithilfe dieses Artikels lösen?

Geben Sie uns Feedback, damit wir uns verbessern können.

TLS handshake failure when logging into an Org on Hyperforce using Certificate-Based Authentication on iOS devices

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List