Capacitor SSL Pinning: The Extra Layer of Security Your Mobile App Needs

Originally published at:

At Ionic, we talk a lot about mobile app security. As mobile apps become a more ubiquitous part of our lives, it’s never been more important to ensure that data accessed, used, and stored remains secure. That’s why we developed the Ionic Enterprise SDK. It offers a trio of fully-managed security solutions–Auth Connect, Identity Vault,…

I was completely blind; I got this error. my APIs do not work using Capacitor Http Plugin API | Capacitor Documentation or using fetch / Axios etc. After a detailed analysis, i found this error in Logcat.

it’s been two days but I still haven’t been able to resolve that.
Installation - SSL Pinning not worked
in this article have many things that are missing.
in your article I have these questions
1: You mention this path, “sslCerts/productionCerts/primary.cer”. Where should I create this folder? in native android and ios code or in the src directory?
2: Why, without that, can’t we hit API’s as you mentioned, this is the extra layer.
3: Do i required to add this code on both native code?
4: after adding this i got this same error like above.

please guide me thanks

You’ll need to follow the directions of either:

  1. The official Capacitor SSL Pinning plugin (which requires a product key and your best way to get support is by filling in the details at Get in Contact with a Sales Expert | Ionic).

  2. The plugin cordova-plugin-advanced-http which is what is mentioned in the article. For this you’ll need to follow all the instructions in the article which including making sure that the path is correct. The error says that the file isnt found (and doesnt mention sslCerts or any other subfolders). You’ll need to make your certificates make it into the folder the plugin expects. Support for the plugin is on the plugins github (which I wouldnt expect a reply on) so I would suggest going with Ionic’s paid plugin if you need support and maintenance.

Thank you very much for your feedback.
I experimented with various methods to achieve my goal. cordova-plugin-advanced-http in that I set SSL and setservertrustmode call which shows success message but still can’t work while calling APIs.
anyway in the end this solution works for me but I’m not sure about the IOS side, how can we do that.
By the way, thanks for the quick response. :green_heart: