Self-signed certificate https doesnt work in release build

In my app i need to make https request to server with self-signed certificate. Problem is, when i build app with --release parameter, it just dont work, because the certificate is self-signed and so considered as invalid. Is there any way to bypass this? Iam getting really desperate :smiley:


Found this article, did you already saw it? could that help?


Also found this plugin, did you tried it?

Other idea, if possible, why not using a not self signed certificate?

Like Let’s Encrypt, these certificates are free. You just have to renew them every three months (I think) but you could automate this task.

The problem is that its clients server, co i have no control over certificate, i have only installed api… Ill try that certificate plugin, but how do i use plugin that is not in ionic native, like this one?

What a bummer that you can’t control the server :frowning:

I didn’t used personally this plugin, so the following just gonna be best guess ok?

According the README you would have to activate the plugin by calling


To do so you could, I guess, just declare cordova before your class, like

declare var cordova:any;

export class ...

this will tells the build process that cordova has any types and therefore won’t throw a compilation error.

Note: it looks like this plugin doesn’t work for iOS/WkWebView ( therefor if you finally really goes with this solution, I would ensure to only use it on Android

But like I said, these are only spontaneous guess

1 Like

and so i activate this i just write cordova.plugins.certificates.trustUnsecureCerts(true) somewhere in my app and it will work for all requests?

Well according the README it sounds like this but like I said I never tried this plugin so for me it’s only a guess

Tried it, doesnt seems to be working, but anyway thx form help. Anyone has some experience with this plugin?

1 Like

i tried

and it works :slight_smile: Thx a lot :slight_smile: As a temporary solution it is ok, but i dont know if it isnt a security issue in production.

So cool! Glad to hear you find a solution, congrats!

Of course for a production solution it would maybe be better to use a not self signed certificate for the server, maybe the guys who handle the servers gonna improve that…

1 Like

Yea i will talk with their IT tommorow, so we will see :slight_smile: Now its up to them. But anyway thx a lot for your help and time

1 Like

Finger crossed, good luck :slight_smile:

Has anyone figured out the self-signed cert in Ionic 4?

I’m using Angular HttpClient to call my web services and it’s not working. Would love to see a solution if any can help.

thx :slight_smile: works in ionic 4 too. In cordova 7+ / instead of /

had the same problem
try this in \app\platforms\android\CordovaLib\src\org\apache\cordova\engine\
ca row 228
use handler.proceed(); instead of super.onReceivedSslError(view, handler, error);

ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
} else {
// debug = false
//super.onReceivedSslError(view, handler, error);
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);

worked for me with ionic 4 anc cordova andrid @7.1.4

Hey guys, sorry to reopen: I’ve tried the cordova-certificate-plugin trustUnsecureCerts() but I’m not able to use that in production: actually accessing cordova breaks the application, in fact the trustUnsecureCerts is undefined… Somebody has been experiencing this?

I have one more question, is there a way to make this workaround work in app with capacitor? Or any other way to make selfsigned cretificates work in capacitor based apps?

Hi, I have the same problem with capacitor on ios, did you find any solution?

iam sorry, but i have no experience with this on ios. I wasnt able to solve it even on android with capacitor. Looks like http native and certificate pinning is the only way, but i havent tried it yet.