If they implement SSL on their wordpress site, will both the IOS and Android application automatically work through that SSL certificate or do we need to purchase another certificate. Please explain?
Apppresser creates a mobile wrapper around your site which means that any communication it has with the site will be over the protocol you have installed on the server. If you are using https:// when accessing the site when you create the app then it will be secure.
Related
I am developing an iOS & Android Application with React Native. I use to access my backend server with "normal" url -> http:// ....
Now since i have changed it and added ssl i need to use my new backend url with ssl which is https://
On iOS everything works like it should. The problems are caused by my android app.
I am not sure how to solve this. Is there anything i have to do to access ssl based urls for android? Maybe in my Manifest or something? Any hints would be great...
Android doesn't want to trust server's certificate.
Which Android version you'd tested?
Older versions like 4.1.x haven't installed 'less known' CA's.
Try it with Marshmallow.
To fix it you can always install a proper certificate on the device by hand (settings->security->load ca from sdcard) or change CA on the server to one which is more 'known' (probably more expensive).
BTW. Check out the logs. It should fail on SSl handshake.
Another test you can do is publishing a simple website by this server and try running this website over https on affected Android device. If the system doesn't trust it browser will alert you about that. For instance:
OK, I have a bit of a strange issue. I have an ssl-only website secured with a Comodo PositiveSSL certificate and the certificate is installed properly on an NGINX server and has been working with no issue.
Every major browser renders the site and links to it on Desktop / Mobile with no certificate errors, however on the Android version of the Facebook mobile app, no matter what, the in-app browser displays a security certificate warning. The regular Android browser / Chrome work just fine in addition to the in-app browser on the Facebook iOS app having no problems whatsoever.
I have tried nearly everything including re chaining the certificate, enabling only secure cypher suites, making sure there is no plain HTTP content and using an NGINX server block to redirect plain HTTP requests to the HTTPS site. My users on this combo are understandably beginning to get a bit frustrated.
I am developing phoneGap application which is integrated with web service for requesting data.
Communication used to happen through HTTP but I want to take it to HTTPS communication.
I integrated SSL for my tomcat server and I can send HTTPS request from RESTClient using browser.
But my phoneGap mobile application is not able to communicate for HTTPS request.
Any extra setting required for it?
I am targeting android and iOS for now.
Any help will be appreciated.
We had to face the same issue last week in our own project.
In Android we didn't have any problem with it, we observed that Android trusted all the certificates (are you having issues with Android?), however in iOS we had some trouble.
The first thing you can do is to install the trusted certificate in your iOS... but it will be problematic for basic users.
The solution we decided to take was to allow access to all SSL for our application, in order to do that you have to add the next code at the end of your AppDelegate.m file:
#implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
#end
I use ksoap2 to access a webservice. Everything was just fine before to change the test webservice with production one, witch use a https protocol.
I know that this question was asked few more times here, on stackoverflow, but none of the answers work for me. When I use ksoap2 with https I got this error (exception):
Not trusted server certificate
Someone provided and answer (solution) here: Android ksoap2 via https but I don't understand how to implement that solution (or the proposed solution is not working for me)
The certificate used by WS is a self issued ssl certificate - I use the application only inside a small company, but the company system administrator requires encrypted connection.
Can someone provide a better explanation for this issue?
Thank you.
I had a similar problem. Basically, when using Http related classes with the https protocol, Android will check with its installed certificates(which I believe are stored in the os keystore).
Because your certificate is self-signed, the certificate is not trusted.
I added my self-signed certificate to my app for testing purposes(alexander.egger's answer at How to install trusted CA certificate on Android device?). Maybe you can use this approach?
I guess Vedran's approach at Android ksoap2 via https does a similar thing and should work too. What part of that answer is unclear?
However, I dont think these are good solutions.
For my production environment, I ordered a (cheap) ssl certificate from a signing authority trusted by all Android devices and installed it on the server. I am not going to advertise here, but most commercial ssl certificates are trusted by all android devices, and it should be easy to find a cheap one with some research. I think this is the best solution to this problem.
Without a proper ssl certificate, your server would be untrusted to the entire world except your particular app, which is probably not a good solution(what if you extend to an ios device, a third party application calling the webservice,etc..).
We are creating a browser based HTML5 application targeted for Android devices through the Chrome browser. Security is a chief concern and beyond userid/password requirements, the company also desires to ensure each user has a proper SSL certificate installed before granting access.
Does this even make sense, and if so, can someone provide some resources where I can research this further?
I always thought the cert was stored on the server to secure a session between itself and a client. But I am not aware of the browser somehow providing an installed cert to a server that ensures it is a valid client.
SSL communications can involve certificates installed to both the client and server. An IIS website can be configured to require a client side certificate is installed.
Regarding Android, current versions do not support leveraging an installed client side certificate through the browser. This thread is tracking this particular feature.
http://code.google.com/p/android/issues/detail?id=11231#c107