How to accept a self-signed certificate, using Cordova

mwarren2 · April 28, 2017, 7:05pm

I would like the self-signed certificate on my development machine server to be accepted by my IOS app.
Obviously I don’t want to buy a certificate for a development machine.

There are some solutions out there, but the only one that looks easy and reliable to enact is a cordova plug-in called cordova-certificate-plugin.

The Readme blurb promises the following, which would be great:

cordova Plugin to configure SSL Certificates, currently used to enable usage of untrusted aka self-signed SSL certifcates

I have a file in imports/startup/client with the following code:

import { Meteor } from 'meteor/meteor';

console.log('just before startup for trust certificates');

Meteor.startup(() => {
    console.log('cordova.plugins.certificates', cordova.plugins.certificates);
    cordova.plugins.certificates.trustUnsecureCerts(true);
});

Unfortunately this does not work, I’m not even seeing either of the _console.log_s in a Safari debug.
Has anybody used this plugin who can put me on the right track please?

Thanks.

waldgeist · April 28, 2017, 7:15pm

Is your dev server hosted somewhere? In this case, I’d recommend letsencrypt. It’s free and a real certificate.

mwarren2 · April 28, 2017, 10:10pm

Thanks for the reminder @waldgeist .

I saw it, but due to the 90 days limit, I thought I’d try other possibilities.
However, given the blanks I’ve drawn, I think you may be right.

I had a startssl certificate which was free and worked very well, but they are no long accepted by anyone. So letsencrypt would be a good replacement.
(My dev server is on a docker-machine on my mac).

herteby · April 29, 2017, 7:22am

Letsencrypt is excellent. They also provide a script that automatically updates your certificate.

mwarren2 · May 2, 2017, 8:05pm

Just discovered why the plugin doesn’t work. There is an issue that’s been open for 6 months

WKWebview does not use NSURLProtocol under the hood so the current approach to allow self-signed certificates does not work.

I can’t use Letsencrypt in the usual automatic way. I use Cloudflare and there’s no support and anyway I don’t want the certificate to be installed on a production machine. Incidentally I use the CloudFlare free certificates for production and they work very well.
However I do have control of a root domain, so I will create a subdomain and do a LetsEncrypt manual install. It should work.
P.S. In fact the manual install went very well.