Bypassing SSL certificate in React native Android app? - react-native

Can anybody suggest how to bypass or deal with the SSLHandshakeException while working on a React Native Android app?
In iOS, we are able to do so by setting the TLS flag to TRUE in the info.plist file.
FYI, the server's certificate seems valid when we try to access any of its web service in a browser.

Related

React Native Public Key Pinning with HEROKU

I read all kinds of posts and articles about SSL pinning in React Native.
However all of those are about a privately owned domain for which we generate the certificate.
But if my API is hosted on Heroku, how can I manage SSL pinning?
Ideally, I would like to pin on hashed public key so it's easier to manage the rotation without having to release a new version.
But I have no clue how to deal with this with Heroku, with my API being hosted at myapp.herokyapp.com for example.
Also, if I suddenly add SSL pinning for my Heroku app, will it affect all my previous users on the current mobile version who are currently hitting this same API?
I wouldn't want existing users to have all their requests failing.
Any help would be appreciated, thank you!

Fetch API call fails in react native android for self signed certificate

We've used the JavaScript fetch API to connect to a server which has a self-signed certificate, not issued by a trusted CA.
The scenario is that the user gets an option to enter a custom server URL that will change for different customers (enterprises), as we've configured different servers for different customers in their infrastructure for our B2B Android app.
I did a lot of research but didn't find a way in React Native Android to trust them programmatically in JavaScript or a native module.

React native SSL certificate

I want to secure an API used by a React Native app.
If an authorisation header is sent, a user can read a request and access data, so to avoid this I want to use an SSL certificate for client and server.
Now if I place the certificate in the assets folder, it will be accessible to any user who downloads the APK.
Is it possible for the user to get the client-side certificate from assets? If yes, how can it be avoided?

Certificate pinning: App taking old certificate from app data for both android and ios?

We are using Mobilefirst 7.1 for a hybrid application. We have implemented certificate pinning in the application. The certificate expired and we replaced it with the new one. But the application is taking the old certificate from the application cache and it is blocking the application from connecting to the server. After we remove the app cache and app data, the application works fine. Kindly suggest any solution for this?

Can you check if you have kept the same public key as before? Otherwise you will have to release a new version with the renewed certificate. Check this link for further details.
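
The point in the answer above about keeping the same public key can be checked before a renewed certificate is deployed. The following script is an added example, not part of the original thread: it assumes the `openssl` CLI is installed, generates constructed keys and self-signed certificates locally for the placeholder name `api.example.test`, and uses hypothetical helper names. It compares the public-key (SPKI) hash with the whole-certificate hash across a same-key renewal and a re-keyed renewal.

```shell
#!/bin/sh
# Added example: all keys and certificates below are constructed locally; nothing is fetched.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Base64 SHA-256 of the DER SubjectPublicKeyInfo: the value a public-key pin stores.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -binary | openssl base64
}

# Base64 SHA-256 of the whole DER certificate: the value a certificate pin stores.
cert_pin() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -binary | openssl base64
}

# Hypothetical helper: create a P-256 private key in file $1.
new_key() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# Hypothetical helper: self-signed certificate for key $1, written to $2, valid $3 days.
issue_cert() {
  openssl req -new -x509 -key "$1" -subj "/CN=api.example.test" -days "$3" -out "$2" 2>/dev/null
}

new_key "$WORK/key_a.pem"
new_key "$WORK/key_b.pem"
issue_cert "$WORK/key_a.pem" "$WORK/old.pem" 30        # certificate the released app pins
issue_cert "$WORK/key_a.pem" "$WORK/renewed.pem" 365   # renewal that keeps the key pair
issue_cert "$WORK/key_b.pem" "$WORK/rekeyed.pem" 365   # renewal with a new key pair

# Same key: the SPKI pin is unchanged while the certificate pin changes.
# New key: both values change, so an app pinned to the old key rejects it.
for c in old renewed rekeyed; do
  printf '%-8s spki=%s cert=%s\n' "$c" \
    "$(spki_pin "$WORK/$c.pem")" "$(cert_pin "$WORK/$c.pem")"
done
```
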

Getting "Cannot install applications because the certificate is not valid" error on iOS 7.1

I'm getting the above-mentioned error when my client updates their device to iOS 7.1, and then tries to update our app from the AppCenter.
After some searching, I found a post with a similar problem here. But since I'm in an environment whereby the client is using AppCenter to update the apps, I can't be using USB to plug in and install the app for them.
Is there any workaround for downloads via AppCenter until support is released?

A change was introduced to iOS as of iOS 7.1 that requires OTA application installation to take place over HTTPS (rather than HTTP), and no provision exists to allow the user to continue to accept the old behavior (i.e., to permit application installation over HTTP). It is my understanding that this was done as a security enhancement.
In order to do application installations on iOS 7.1 from Application Center, you would need to configure your Application Center to use HTTPS rather than HTTP, using a certificate that will be accepted as valid by your iOS device - that is, either issued by a recognized public CA, or issued by a private CA that you have set up your mobile devices to accept. You can find more information about how to perform this configuration here:
http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.installconfig.doc/appcenter/c_ac_ssl_config.html

I would add some details. (Just worked out this question.)
We use a self-developed app center for our customers, to distribute demo/report apps.
You need an SSL certificate. (See the post above.)
You can buy any kind of public certificate. In some cases you can use a self-signed certificate previously installed on the iOS device by Apple Configurator.
It seems that you don’t have to use https everywhere. Secure URL (https) must have a link to .plist only. The app center web site url and package .ipa url can still be under http.
… and shame on Apple that invents new ways to make developer life hard.