Using Github-Desktop for Enterprise account on Mac OS

When you try to access Github desktop application from Mac OS later El-Captain (OS X 10.11) version, it restricts you with “could not reach the server” error.

You can track the error by looking at /Applications/Utilities/Console.app logs by GitHub Desktop in the system.log

underlying error: NSError { domain: OCTClientErrorDomain, code: 668, description: “The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.”, underlying error: NSURLError       
<key>NSExceptionDomains</key>

The reason is, Apple has turned on App Transport Security (ATS) by default to enforce best practices in secure connections. For higher-level networking APIS like github desktop users, Transport Layer Security (TLS) 1.2 with forward secrecy must be used.

To make this work, you would need to update your Enterprise instance to a certificate with SHA256 hash algorithm and 2048-bit RSA or 256-bit ECC or better.

You can read more about this in the Mac Developer Library under Security Enhancements > App Transport Security:

There is also a workaround, which involves editing the .plist file located here:

/Applications/GitHub Desktop.app/Contents/Info.plist

You will want to edit that file just above the very last line, updating the domain to match that of your Enterprise appliance.

<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>my-github-enterprise-install.domain</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.