Certificate Authorities Trusted by Mobile Development Kit Android App
Android uses a Network Security Configuration XML file to customize network security settings. Mobile Development Kit developers can specify which Certificate Authorities (CAs) are trusted for the app's secure connections in the YourBrandedClient.mdkproject/App_Resources/Android/src/main/res/xml/network_security_config.xml file. The default configuration for a Mobile Development Kit Android app is as follows:
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
</network-security-config>
This means by default a Mobile Development Kit Android app only trusts the pre-installed system CAs.
If your domain uses a self-signed SSL certificate or an SSL certificate issued by your company's internal CA, the Mobile Development Kit app will refuse to connect to it. You need to customize the network_security_config.xml file to let your app also trust the self-signed certificate or the internal CA using <domain-config>, as shown below.
If you would like to examine your app traffic over HTTPS during a debug session, customize the XML file to trust a debug-only CA using <debug-overrides>, as shown below:
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">company.foo.com</domain>
        <trust-anchors>
            <certificates src="@raw/internal_ca"/>
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_ca"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>
Add the self-signed or non-public CA certificate in PEM or DER format to the YourBrandedClient.mdkproject/App_Resources/Android/src/main/res/raw folder.
In the above example, internal_ca and debug_ca are the names of the certificate files.
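To review a customized network_security_config.xml before building, the following added example (not part of the Mobile Development Kit or of this page's original content) computes the trust anchors that apply to each domain in a release build and lists the @raw files that must exist in res/raw. The function names and the finding texts are hypothetical; the sample input is the configuration shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the customized configuration shown on this page.
SAMPLE = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">company.foo.com</domain>
    <trust-anchors><certificates src="@raw/internal_ca"/></trust-anchors>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="@raw/debug_ca"/></trust-anchors>
  </debug-overrides>
</network-security-config>"""

def anchors(elem):
    """Sources listed in elem's own <trust-anchors>, or None when it has none."""
    ta = elem.find("trust-anchors") if elem is not None else None
    return None if ta is None else [c.get("src") for c in ta.findall("certificates")]

def audit(xml_text):
    """Hypothetical helper: effective release-build trust per domain plus findings."""
    root = ET.fromstring(xml_text)
    base = root.find("base-config")
    base_anchors = anchors(base)  # None means the platform default applies
    scopes = [("*", base, base_anchors)]
    # Top-level <domain-config> only; nested ones are not handled here.
    for dc in root.findall("domain-config"):
        own = anchors(dc)
        # A domain's own <trust-anchors> replaces the inherited set.
        eff = own if own is not None else base_anchors
        scopes += [(d.text.strip(), dc, eff) for d in dc.findall("domain")]
    findings, trust = [], {}
    for name, elem, eff in scopes:
        trust[name] = eff
        if elem is not None and elem.get("cleartextTrafficPermitted") == "true":
            findings.append(f"{name}: cleartext traffic permitted")
        if eff and "user" in eff:
            findings.append(f"{name}: user-installed CAs trusted in release builds")
        if name != "*" and eff and "system" not in eff:
            findings.append(f"{name}: system CAs not trusted, only {eff}")
    dbg = anchors(root.find("debug-overrides")) or []
    # Every @raw/<name> needs a matching certificate file in res/raw.
    raw = sorted({s[5:] for a in list(trust.values()) + [dbg] for s in (a or [])
                  if s.startswith("@raw/")})
    return {"trust": trust, "debug_only": dbg, "raw_files": raw, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the sample, the single finding shows that company.foo.com is validated against internal_ca only; add <certificates src="system"/> to that <domain-config> if publicly issued certificates must also be accepted for the domain.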