SSL Pinning Sample

Supplying certificates

Certificates need to be stored in the www/certificates folder. One way to ensure this is to create a certificates folder under src and then add this to the assets property of angular.json:

              {
                "glob": "**/*.cer",
                "input": "src/certificates",
                "output": "certificates"
              },

Certificate must have a .cer extension.
Certificates must be in DER format.

Extract certificates via Browser

To extract the DER for a certificate:

Visit the url in a browser (Microsoft Edge)
Click the lock symbol next to the url
Click the "Connection is Secure" link
Click the certificate symbol next to the close button
Click the details tab
Click one of the certificates in the hierarchy
Click Export button
Choose "DER-encoded binary, single certificate" as the format
Save the file to your certificates folder with an extension of .cer
Repeat these steps for each certificate in the chain

Extracting Certs with Open SSL

This sample app connects to https://mysafeinfo.com. To extract the public certificates we can call: openssl s_client -connect mysafeinfo.com:443 -showcerts

From the output of the command, create a new file in /certificates (name it .pem)
Paste into it all certificates shown in the output.
Certificates start with the line -----BEGIN CERTIFICATE----- and end with the line -----END CERTIFICATE----- (inclusive).
If multiple are shown, paste them in the order you see them in the output.
Then convert to DER format
eg. openssl x509 -outform der -in <anything>.pem -out <anything>.cer

Check your Certificate

To validate if your .cer file is in the right format (DER) you can run this command: openssl x509 -in <anything>.cer -inform der -text -noout If it throws an error unable to load certificate then you know your file is using an incorrect format

Notes

To support Capacitor this PR is needed.
To help with debugging cert issues this PR is needed.
A fork with these changes can be installed with npm install cordova-plugin-advanced-http@https://github.com/dtarnawsky/cordova-plugin-advanced-http

Gotchas

In iOS 13 additional requirements were added to TLS certificates. These can cause an SSL failure. Read about it here
Using OpenSSL to extract all certificates in a chain can be a challenge and may not export every certificate. You may need to export from a browser

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.vscode		.vscode
android		android
ios		ios
src		src
.browserslistrc		.browserslistrc
.editorconfig		.editorconfig
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
README.md		README.md
angular.json		angular.json
capacitor.config.ts		capacitor.config.ts
ionic.config.json		ionic.config.json
karma.conf.js		karma.conf.js
package-lock.json		package-lock.json
package.json		package.json
tsconfig.app.json		tsconfig.app.json
tsconfig.json		tsconfig.json
tsconfig.spec.json		tsconfig.spec.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SSL Pinning Sample

Supplying certificates

Extract certificates via Browser

Extracting Certs with Open SSL

Check your Certificate

Notes

Gotchas

About

Releases

Packages

Languages

dtarnawsky/cs-ssl-pinning

Folders and files

Latest commit

History

Repository files navigation

SSL Pinning Sample

Supplying certificates

Extract certificates via Browser

Extracting Certs with Open SSL

Check your Certificate

Notes

Gotchas

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages