ionic framework / ionic native http: ssl client based authentification

Question

im refering to this issue: https://forum.ionicframework.com/t/ionic-native-http-ssl-client-based-authentification/129596

any ideas how to implement ssl client based authentification (mutual tls) within the ionic framework? im using the ionic native http plugin. i placed the .cer file within the platforms/android/asset folder.

this.http.acceptAllCerts(true);
this.http.enableSSLPinning(false);

this.http.get('https://someip/backend/all', {}, {})
  .then(data => {
    console.log("data",data)
  })
  .catch(error => {
    console.log("error",error);
  });

currently the http requests are not sending the required ssl certificate with each request.

<html>
<head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>

same issue when using angular/http to send the http requests

ionic info

cli packages: (C:\Users\myname\AppData\Roaming\npm\node_modules)

@ionic/cli-utils  : 1.19.2
ionic (Ionic CLI) : 3.20.0

global packages:

cordova (Cordova CLI) : not installed

local packages:

@ionic/app-scripts : 3.1.8
Cordova Platforms  : android 6.3.0 browser 5.0.0
Ionic Framework    : ionic-angular 3.9.2

System:

Android SDK Tools : 26.1.1
Node              : v6.11.3
npm               : 3.10.10
OS                : Windows 10

Environment Variables:

ANDROID_HOME : C:\Users\myname\Android\sdk

Misc:

backend : pro

Answer 1

For Android, I use Cordova with the plugin "cordova-client-cert-authentication" installed, this worked straight away: After installing the plugin and compiling the app, it asks for which certificate to use as soon as the app is started and the requests work as expected.

This does require you to install the certificate in your phone's identity storage though, which forces you to enable a lock-screen on your device.