Mobile Safari HTTPS pages show SSL certificate owner as window/tab/page title
| Originator: | mangaroo | ||
| Number: | rdar://12091044 | Date Originated: | 13-Aug-2012 04:55 PM |
| Status: | Open | Resolved: | |
| Product: | iPad | Product Version: | 2 |
| Classification: | UI/Usability | Reproducible: | Yes |
Summary: We notice this in our testing of our website on Safari on iOS devices, particularly the iPad (iOS 5.1). When visiting HTTPS pages (say checkout, my accounts, login), it will display for the browser window (or more correctly, the browser tab) title text using the SSL certificate's owner (that's typically the name of the company/organization that paid for and owns the certificate issued by whatever issuing authority). On visiting regular HTTP sites, Safari shows the expected page title defined by the HTML tag. This only happens on mobile Safari of course. The desktop Safari shows expected page title, and has section in address bar to show certificate owner which you can click for more details. Is this expected and by design? If so, what is the rationale behind this? Unless this is publicly and well documented, this will just end up confusing users and developers. If it is documented, I hope this documentation is easy to find, including for end users. I did some further testing, and the issue doesn't affect all sites. You could say it may be specific to "something", but what this is we should find out. I think it could be related to how the SSL certificate is issued or configured (issuing authority, how installed, server platform, etc.). Also think this may not occur for self-signed certificates (we didn't see it in our internal test environments using the self signed certs). What I found is mentioned in steps to reproduce. Steps to Reproduce: Hopefully, this reproduces for others as well, these are public sites (below) to test against. Best way to test is to access an HTTPS page on the site, typically the sign in page to start with. Can also try cart, checkout pages on the sites. Login page is easiest since you don't need an account to land on the page. Go to the pages on these sites using mobile Safari (preferably iPad), then observe the tab title. Reproduces for (me at least): www.tinyprints.com www.weddingpaperdivas.com www.treat.com www.ebay.com Does not appear to reproduce for: www.shutterfly.com www.amazon.com Expected Results: should show page title specified by the HTML. Actual Results: sometimes shows the SSL certificate owner name instead. Regression: don't know Notes: 13-Aug-2012 04:58 PM David Luu: Prior to submitting this bug, I posted to an Apple forum for discussion first. This might be helpul: https://discussions.apple.com/thread/3941962
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Marked duplicate by Apple as duplicate of open bug 12228218
Bug caused by type of SSL certificate?
Got this bit of info from user post to my discussion thread today:
https://discussions.apple.com/message/18353990#18353990
"It all has to do with the type of SSL certificate on the web site. If the certificate has "Extended Validation" then it will display the company name and not the page title. If it is a standard SSL certificate, it won't."
http://en.wikipedia.org/wiki/Extended_Validation_Certificate
I haven't and may not have access to confirm this, but will check with my organization about it. Hope this info helps others though.
Verify against iOS 6
Apple requested I check if this occurred on iOS 6. I asked a friend to help confirm and it still does exist.