mobile apps and TLS

[Mat <al...@gmail.com>]

This is a developer centric question and SO can't answer this question
effectively. You may want to treat it as a feature request if lacking.

 You have a local networking device with a private IP address managed using
HTTPS/web/self-signed certificates. This RSA key pair is generated at the
very first boot time on the device to have unique keys per device. Browsers
are expected to give warning due to self-signed certs. Most users know to
accept the warning and move on given it is a local device.

 Now imagine a native app with a webview. You can't pre-install this
self-signed cert given it is unique per device and generated at runtime on
the device. How would you solve this without ignoring these errors blindly?
Don't suggest a private CA option here.

Re: mobile apps and TLS

[Chris Brody <ch...@gmail.com>]

I would recommend that you ask for this to be documented in cordova-docs.
Others may recommend that you go to Slack or, unfortunately, Stack Overflow.

There are freelancers such as myself who would be happy to investigate and
document these things for hire as well.


On Tue, Jul 20, 2021 at 5:03 PM Mat <al...@gmail.com> wrote:

> This is a developer centric question and SO can't answer this question
> effectively. You may want to treat it as a feature request if lacking.
>
>  You have a local networking device with a private IP address managed using
> HTTPS/web/self-signed certificates. This RSA key pair is generated at the
> very first boot time on the device to have unique keys per device. Browsers
> are expected to give warning due to self-signed certs. Most users know to
> accept the warning and move on given it is a local device.
>
>  Now imagine a native app with a webview. You can't pre-install this
> self-signed cert given it is unique per device and generated at runtime on
> the device. How would you solve this without ignoring these errors blindly?
> Don't suggest a private CA option here.
>