I'm making an app in Cordova. This app communicates with an API, and I would like this communication to be secure.
Some background information
- My API has an SSL certificate created by Let's Encrypt.
- In my app I'm using the cordova-plugin-advanced-http
- To check the traffic between the app and the API I use Packet Capture link
- Only working for android
What do I want
- Encrypted traffic
- Prevent man-in-the-middle attacks (if this has been detected, there will be no traffic)
- If I look at the Packet Capture logs I don't want to find any information
What did I try
- Tried the SSL link:
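    // sendRequest takes (url, options, success, failure)
    cordova.plugin.http.sendRequest('https://domain.tk/API/some/endport/', { method: 'get' }, function(response) {
        // prints 200
        console.log(response.status);
    }, function(response) {
        // prints 403
        console.log(response.status);
    });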
Data is not encrypted, I can see everything in Packet Capture
- Made a CER file, put it in my project and pinned my connection
    cordova.plugin.http.setServerTrustMode('pinned', function(e) {
        console.log('success!');
    }, function() {
        console.log('error :(');
    });
When I start Packet Capture, TLS is not established (so no data is found in Packet Capture). When Packet Capture isn't running, traffic is working fine (GREAT)
Problem
The pinned method is working "fine". The problem is that if my certificate is renewed, I always have to update my CER file in my app, and this is the problem. I'm not able to find the solution by myself.
I talked to the support of my host, and I can't see the details in their certbot (for the --reuse-key option link).
Can anyone give me tips for encrypted traffic that prevents man-in-the-middle attacks in a Cordova app? Thanks!
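
An added illustration, not part of the original post: what the `--reuse-key` option mentioned above preserves across a renewal. Throwaway self-signed certificates stand in for CA issuance (the hostname, file names and function names are constructed). A renewal that keeps the key pair keeps the SubjectPublicKeyInfo hash while the whole-certificate fingerprint changes, so a pin on the certificate file breaks at every renewal and a pin on the public key does not.

```bash
#!/usr/bin/env bash
# Added example. Keys, certificates and the hostname are throwaway/constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Base64 SHA-256 of the DER SubjectPublicKeyInfo: depends only on the key pair.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -binary \
    | openssl base64
}

# SHA-256 over the whole certificate: changes with every issuance.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

new_key() {  # new_key <out-key>
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1"
}

# Self-signed issuance stands in for the CA; the serial differs per call.
issue() {  # issue <key> <out-cert> <serial>
  openssl req -new -x509 -key "$1" -out "$2" -days 90 \
    -set_serial "$3" -subj "/CN=api.example.test"
}

new_key "$WORK/key_a.pem"
new_key "$WORK/key_b.pem"
issue "$WORK/key_a.pem" "$WORK/original.pem" 1         # cert shipped in the app
issue "$WORK/key_a.pem" "$WORK/renewed_reuse.pem" 2    # renewal, same key
issue "$WORK/key_b.pem" "$WORK/renewed_rotated.pem" 3  # renewal, fresh key

PIN_ORIGINAL=$(spki_pin "$WORK/original.pem")
PIN_REUSE=$(spki_pin "$WORK/renewed_reuse.pem")
PIN_ROTATED=$(spki_pin "$WORK/renewed_rotated.pem")
FP_ORIGINAL=$(cert_fp "$WORK/original.pem")
FP_REUSE=$(cert_fp "$WORK/renewed_reuse.pem")

echo "SPKI pin, original cert     : $PIN_ORIGINAL"
echo "SPKI pin, renewal same key  : $PIN_REUSE"
echo "SPKI pin, renewal new key   : $PIN_ROTATED"
echo "Cert fingerprint, original  : $FP_ORIGINAL"
echo "Cert fingerprint, same key  : $FP_REUSE"
```

Whether a given client library matches on the whole certificate or only on its public key is not stated in the post and has to be checked against that library's documentation.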