[GitHub] [cordova-android] faugusztin edited a comment on issue #1112: Certificate validation failed with user's installed trusted CA certificates

[GitBox <gi...@apache.org>]

faugusztin edited a comment on issue #1112:
URL: https://github.com/apache/cordova-android/issues/1112#issuecomment-718168272


   Certificates for your application needs to be configured using the network config file, documentation is at https://developer.android.com/training/articles/security-config
   
   For your use case, you want to add a network_security_config.xml file to res/xml folder:
   ```
   <?xml version="1.0" encoding="utf-8"?>
   <network-security-config>  
         <base-config>  
               <trust-anchors>  
                   <!-- Trust preinstalled CAs -->  
                   <certificates src="system" />  
                   <!-- Additionally trust user added CAs -->  
                   <certificates src="user" />  
              </trust-anchors>  
         </base-config>  
    </network-security-config>
   ```
   By default, apps trust only preinstalled CA's exclusively.
   
   The change was introduced in API 24:
   https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
   
   > Apps that target API Level 24 and above no longer trust user or admin-added CAs for secure connections, by default.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org