Invalid SSL certificate with cordova-plugin-crosswalk-webview

mburger81 · March 23, 2017, 2:05pm

For our app I have to use the crosswalk webview, latest version 2.3.0. The problem is we have to use a SSL connection for https and wss calls, but there is not a trusted certificate.

On every request we make over https we get a TOAST message (which in my opinion does not came from IONIC but from cordova plugin) “Request was denied for security.”

We have a not trusted SSL certificate and I think this should be the problem! But I’m not able to resolve the problem, I tried many thinks like this

http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/

This is a very urgent problem, perhaps someone from the ionic team can help me? @brandyshea @mhartington

mhartington · March 23, 2017, 7:33pm

The toast is actually from Android it self, so it’s happening at the browser level. To be fair, the best/correct way to resolve this would be to get a trusted ssl certificated.

Both Android and iOS have been cracking down on accessing non-secure resources.

mburger81 · March 23, 2017, 8:29pm

@mhartington okay thx you very much. Tomorrow I will install a valid certificate!! thx you so much for your help as always!

rapropos · March 23, 2017, 8:32pm

For anybody else in this situation, I recommend Let’s Encrypt.

mburger81 · March 23, 2017, 8:38pm

Yes we also use Let’s encrypt the only problem was to install this to the hardware I need support of our hardware team which will take several days

thx to everyone

skinny_jones · September 4, 2017, 7:22pm

So the SSL certificate from this place is free?
If I use it in my web app Chrome will not say it is an untrusted certificate?

rapropos · September 4, 2017, 8:58pm

Yes and yes and padding.

Neonic1 · September 4, 2017, 11:35pm

Another good one is cloudflare.com, they’re who I use and I never have any downtime, slow connections, certificate issues or anything. Gets the job best to it’s abilities in my opinion.

mburger81 · October 5, 2017, 3:45pm

We can not use LET’s encrypt on a LOCAL hardware. We have a gateway and have a ionic software which is configuring the gateway. So this is an embedded solution and not a WEB solution.

So all this is not a solution for us, but we found a workaround on the problem. If we have a solution for it we would like to share it here!

mburger81 · April 5, 2018, 10:22am

You can use probably Android’s Network Security Configuration to support self signed certificates,

https://developer.android.com/training/articles/security-config.html, at the moment none of us was able to get it work.

I would like to open later a new post to discuss this and close this thread.

Mhady · February 16, 2020, 5:48am

Hello I’m new here. I’ve a ssl certification error while lunching my app(capacitor).
I tried everything I found here( Android’s Network Security ) but till now it didn’t work.
here is the error:
I/X509Util: Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
E/chromium: [ERROR:ssl_client_socket_impl.cc(941)] handshake failed; returned -1, SSL error code 1, net_error -202.
I got the error after public key generated. need help please.

MGA93 · May 28, 2020, 5:13pm

How did you solve this problem? I have the same issue here.

Mhady · May 28, 2020, 5:31pm

hello to try this. In your Bridge.java Add the sslReceidError méthode to the webview client.

03:46
You will find the Bridge.java class in capacitor-android/java/util. Add the onReceivedSslError method. Like this: public void onReceivedSslError(Webview view,SslErrorHandler handler, SslError error){ handler.proceed(); }

You’ll add this method in webview.setWebViewClient(new WebviewClie

MGA93 · June 1, 2020, 7:45pm

I tried this:

Get the certificates from the server (your_certificate.pem) and generate .crt file.
Put your_certificate.crt file in /your-app/android/app/src/main/res/raw/
Add the file network_security_config.xml in /your-app/android/app/src/main/res/xml/

File network_security_config.xml:

<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="@raw/your_certificate"/>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors cleartextTrafficPermitted="false">
            <certificates src="@raw/your_certificate"/>
            <certificates src="system"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>

I have this structure because i use ionic 3 + Capacitor.