Self-signed certificate https doesnt work in release build

In my app i need to make https request to server with self-signed certificate. Problem is, when i build app with --release parameter, it just dont work, because the certificate is self-signed and so considered as invalid. Is there any way to bypass this? Iam getting really desperate :smiley:

2 Likes

Found this article, did you already saw it? could that help?

http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/

3 Likes

Also found this plugin, did you tried it?

Other idea, if possible, why not using a not self signed certificate?

Like Let’s Encrypt, these certificates are free. You just have to renew them every three months (I think) but you could automate this task.

https://letsencrypt.org

The problem is that its clients server, co i have no control over certificate, i have only installed api… Ill try that certificate plugin, but how do i use plugin that is not in ionic native, like this one?

What a bummer that you can’t control the server :frowning:

I didn’t used personally this plugin, so the following just gonna be best guess ok?

According the README you would have to activate the plugin by calling

 cordova.plugins.certificates.trustUnsecureCerts(true)

To do so you could, I guess, just declare cordova before your class, like

declare var cordova:any;

@Component({...})
export class ...

this will tells the build process that cordova has any types and therefore won’t throw a compilation error.

Note: it looks like this plugin doesn’t work for iOS/WkWebView (https://github.com/hypery2k/cordova-certificate-plugin/issues/18) therefor if you finally really goes with this solution, I would ensure to only use it on Android

But like I said, these are only spontaneous guess

1 Like

and so i activate this i just write cordova.plugins.certificates.trustUnsecureCerts(true) somewhere in my app and it will work for all requests?

Well according the README it sounds like this but like I said I never tried this plugin so for me it’s only a guess

Tried it, doesnt seems to be working, but anyway thx form help. Anyone has some experience with this plugin?

1 Like

i tried http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/1

and it works :slight_smile: Thx a lot :slight_smile: As a temporary solution it is ok, but i dont know if it isnt a security issue in production.

So cool! Glad to hear you find a solution, congrats!

Of course for a production solution it would maybe be better to use a not self signed certificate for the server, maybe the guys who handle the servers gonna improve that…

1 Like

Yea i will talk with their IT tommorow, so we will see :slight_smile: Now its up to them. But anyway thx a lot for your help and time

1 Like

Finger crossed, good luck :slight_smile:

Has anyone figured out the self-signed cert in Ionic 4?

I’m using Angular HttpClient to call my web services and it’s not working. Would love to see a solution if any can help.

thx :slight_smile: works in ionic 4 too. In cordova 7+ /SystemWebViewClient.java instead of /CordovaWebViewClient.java

had the same problem
try this in \app\platforms\android\CordovaLib\src\org\apache\cordova\engine\SystemWebViewClient.java
ca row 228
use handler.proceed(); instead of super.onReceivedSslError(view, handler, error);

ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
handler.proceed();
return;
} else {
// debug = false
//super.onReceivedSslError(view, handler, error);
handler.proceed();
}
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);
}

worked for me with ionic 4 anc cordova andrid @7.1.4

Hey guys, sorry to reopen: I’ve tried the cordova-certificate-plugin trustUnsecureCerts() but I’m not able to use that in production: actually accessing cordova breaks the application, in fact the trustUnsecureCerts is undefined… Somebody has been experiencing this?

I have one more question, is there a way to make this workaround work in app with capacitor? Or any other way to make selfsigned cretificates work in capacitor based apps?

1 Like

Hi, I have the same problem with capacitor on ios, did you find any solution?

1 Like

iam sorry, but i have no experience with this on ios. I wasnt able to solve it even on android with capacitor. Looks like http native and certificate pinning is the only way, but i havent tried it yet.