Good morning, afternoon or evening
Well, as it says in the title, I’m having lots of never-ending problems with secure requests to my project’s back-end.
Said problem began a few weeks ago, when we tried to build the app in production mode but nothing happened, it simply did not work: no login, no registration, nothing. Turns out it has to do with something related to SSL certificates. Well, I found documentation on the matter on the official Android dev website related to these certs and a few tweaks here and there in my network_security_config.xml and voilà, it works like a charm, pointing to the production domain correctly. I basically had to add trusted system certs and trusted user certs to the .xml in question with the trust-anchors element.
Well, this problem started again. A few days ago we were starting the process of publishing the app to the Play Store when we received an alert telling us our app was still in debug mode. I disable debug mode in the AndroidManifest.xml as told, the app gets published and boom, the same problem again. I can’t log in or register on the app. I still know it has something to do with the SSL certs, but I don’t know exactly how to fix this since I cannot debug the app right now for obvious reasons. I tried different configs with the Java keytool thingy, but nothing. I’m stuck. The only temporary fix I found is modifying Cordova’s SystemWebViewClient.java file so that the app would bypass the SSL check no matter what if it detected it had the native android:debuggable attribute disabled (which I got from here: Ignoring invalid SSL certificates on Cordova for Android and iOS - Web and Mobile Development Blog - JC Ivancevich), but still, the app would be open to lots of different attacks, so that’s my worry.
What should I do?
I’m using Cordova 10 and Android Cordova Platform 9.1.0. For building, I use Gradle 6.6 and Android build-tools 29.0.2.
Thank you so much for the help in advance!
Good morning, afternoon or evening
This sounds far more complicated than it should be. Who is your SSL certificate provider?
Sorry for the delay, I’m just fighting constantly with this problem.
The provider in question is called “DonWeb”, which is a local webhosting provider (Argentina).
But, again, nothing seems to be working.
I already imported the certificate the backend dev provided me with, a .PEM one, to the raw folder which was not created for some reason in the first place.
I put the trust-anchor tag corresponding to this certificate in the network_security_config and still, nothing is working with debug off in the final build. Not even the server is registering any kind of request. It’s like Cordova hates me.
I tried to log the errors that the onReceivedSslError generates in SystemWebViewClient but it’s no use if I can’t debug the application, since this problem only happens when debug is off.
Thanks for the help.
Ask them if intermediate certificates are required, and if so, you will need to include them as well.
He answered me today and nope, no intermediate certs required.
Anything else in mind?
UPDATE: Well, seems I’ve managed to debug the app, or something like it, using ADB Logcat.
This is the error Logcat is throwing whenever I want to make a request, whether it’s login, register or things of the sort.
UPDATE 2: Maybe Android is the one that needs an intermediate cert to generate a secure connection? Or am I wrong?
I’m upping this to see if someone else can help with this. Any help is appreciated. The sooner I can fix this, the better.
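
For reference, a network_security_config.xml along the lines discussed in this thread, added here as an example and not taken from any poster's project; the host name api.example.com and the resource name backend_ca are placeholders. It keeps user-installed CAs inside debug-overrides, which Android applies only when android:debuggable is true, so a release build trusts only the system store plus the bundled certificate and no SSL check is bypassed in SystemWebViewClient.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (constructed example) -->
<network-security-config>

    <!-- Applies to every connection in both debug and release builds:
         trust only the system CA store and refuse cleartext HTTP. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Extra trust anchor scoped to the back-end host only.
         api.example.com is a placeholder domain.
         @raw/backend_ca is a placeholder for a PEM or DER file placed at
         res/raw/backend_ca.pem; if the server's chain needs an
         intermediate, that certificate can go in the same PEM file. -->
    <domain-config>
        <domain includeSubdomains="false">api.example.com</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="@raw/backend_ca" />
        </trust-anchors>
    </domain-config>

    <!-- Used only when android:debuggable="true" and ignored in release
         builds. User-installed CAs (for example a local debugging proxy)
         belong here rather than in base-config, so they are never
         trusted by the published app. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```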