1

My mobile app needs to connect to a server with self-signed certificate only. Is it possible to do this? Because the app is built using codenameone, there are many Java classes missing and thus I can't use normal Java solution.

The app needs to be run in both iOS and Android.

Thanks for any suggestions.

Jensan
  • 57
  • 7

1 Answers1

0

At this time this isn't supported since Codename One uses the native connection API's on the various platforms (e.g. NSUrl on iOS so this can't be implemented there.

In fact Apple recently limited the ability to access non-https URLs so even if this was added it might trigger an issue with Apple's future policies.

Since valid certificates can be purchased for 5USD the motivation in using self signed certificates is much lower than it used to be in the past.

Shai Almog
  • 51,749
  • 5
  • 35
  • 65
  • This topic is somewhat old, but got new traction with Google's similar approach. It seems, that Android is now also prohibiting the use of non-HTTPS calls, however this was working just a few months back. Is it possible to debug such kind of web calls to definitely know what the issue is? Either "no HTTP call allowed anymore. use HTTPS instead" or "self-signed certificate rejected"? I am assuming why my web serivce no longer works, but so far I am just guessing instead of knowing. – Lequi Aug 05 '19 at 12:04
  • You should add this hint: https://stackoverflow.com/questions/57121953/usescleartexttraffic-not-permitted/57130188#57130188 – Shai Almog Aug 06 '19 at 02:24
  • ok, that is a confirmation of Google prohibiting the use of HTTP traffic as I suspected. However, this thread talks about the building process and a build hint, which I assume aims to allow building the app in the first place. I was hoping to get debugging information, while the app is already running in the simulator. As I can run it, my tomcat webserver is configured with a self-signed certificate and the connector settings work, however the app just doesnt do anything. I dont get any exception thrown, it just freezes. hard to get confirmation this way. Is it possible to debug that? – Lequi Aug 06 '19 at 12:53
  • another thought: is it possible to have the simulator trust certain certificate authorities? this way, one could you a simple self-signed certificate during the development phase. currently, even the simulator is ignoring my self-signed cert and I cant test at all. I dont favor doing all future testing in my prod environment with a live certificate. – Lequi Aug 06 '19 at 15:24
  • You can install a certificate into the JDK used to run the simulator and it will trust that signer. – Shai Almog Aug 07 '19 at 02:19