
Persistent SSL Pinning Failure in Capacitor iOS Project #535

@ashwwani456


### Subject: Persistent NSURLErrorDomain Code=-1200 (SSL Error) when using setServerTrustMode('pinned') in Capacitor/iOS

Environment Details
Plugin Name & Version: cordova-plugin-advanced-http (Please specify the exact version you have installed)

Wrapper Used: @awesome-cordova-plugins/http (Please specify the exact version you have installed)

Hybrid Framework: Capacitor

Frontend Framework: React + Vite

Platform: iOS

Description of the Issue
When attempting to implement SSL Certificate Pinning using setServerTrustMode('pinned') in a Capacitor iOS application, all network requests made via the plugin fail with the native iOS error NSURLErrorDomain Code=-1200 ("An SSL error has occurred and a secure connection to the server cannot be made.").

This indicates that the plugin is failing to establish trust using the pinned certificate, despite extensive troubleshooting.

Steps to Reproduce
Integrate cordova-plugin-advanced-http via Capacitor.

Obtain all three certificates for the target domain: Leaf, Intermediate (GeoTrust TLS RSA CA G1), and Root.

Ensure all certificates are in DER format (.cer extension).

Manually add the chosen certificate (e.g., the Intermediate CA) to the Xcode project under the App target's Build Phases -> Copy Bundle Resources section, bypassing the standard www/certificates location due to the Capacitor environment.

In the app's initialization code (e.g., Main.tsx), call setServerTrustMode('pinned') using direct access to the Cordova object to avoid typing issues:

```typescript
const AdvancedHTTP = (window as any).cordova?.plugin?.http;
AdvancedHTTP.setServerTrustMode("pinned", () => {
  // Success
}, (error) => {
  // Error
});
```

Execute any network request using HTTP.get() to the target domain.

Observed Behavior (iOS Console Log)
The request fails instantly with the following recurring error pattern, showing the server's correct certificate chain but a trust failure:

```
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={..., NSErrorPeerCertificateChainKey=(
"<cert(0x...) s: *.bluestarindia.com i: GeoTrust TLS RSA CA G1>",
"<cert(0x...) s: GeoTrust TLS RSA CA G1 i: DigiCert Global Root G2>",
"<cert(0x...) s: DigiCert Global Root G2 i: DigiCert Global Root G2>"
), ...}
```

Troubleshooting Performed (Crucial for the Devs)
We have systematically ruled out the following common causes:

Code Timing: setServerTrustMode('pinned') is called and successfully resolved before the first network request.

Certificate Format/Extension: Verified all certificates are correctly converted to DER format with a .cer extension using openssl.

Certificate Placement: Manually added the .cer file to the Xcode project's Copy Bundle Resources to ensure it's in the final app bundle, a common requirement for Capacitor.

Certificate Content: Tested pinning all three certificates individually (Leaf, Intermediate CA, and Root CA) in the "Copy Bundle Resources." All tests failed with the same error.

Pinning Mode: Confirmed that the simpler Certificate Pinning mode ("pinned") with the 3-argument function signature is being used correctly, ruling out argument parsing errors.
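
A preflight check for the "Certificate Format/Extension" and "Certificate Content" items in the checklist above, as an added example that is not part of the original issue or of the plugin's code. It assumes Node.js; the function names (`checkPinFile` and its helpers) are hypothetical, the sample bytes are constructed placeholders, and the chain fingerprints would in practice be computed from the certificates the server presents.

```javascript
const { createHash } = require("crypto");

// Classify raw file bytes as "pem", "der" or "unknown".
function detectEncoding(buf) {
  if (buf.toString("latin1").trimStart().startsWith("-----BEGIN")) return "pem";
  // A DER certificate is an ASN.1 SEQUENCE: tag 0x30, then a length.
  return buf.length >= 2 && buf[0] === 0x30 ? "der" : "unknown";
}

// Total size (header + body) declared by the outer DER SEQUENCE, or -1.
function derDeclaredLength(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) return -1;
  if (buf[1] < 0x80) return 2 + buf[1]; // short-form length
  const n = buf[1] & 0x7f; // long form: n length bytes follow
  if (n === 0 || n > 4 || buf.length < 2 + n) return -1;
  return 2 + n + buf.readUIntBE(2, n);
}

// Strip PEM armor and decode the base64 body to DER bytes.
function pemToDer(buf) {
  const body = buf.toString("latin1").replace(/-----(BEGIN|END) CERTIFICATE-----/g, "");
  return Buffer.from(body.replace(/\s+/g, ""), "base64");
}

function sha256Hex(buf) {
  return createHash("sha256").update(buf).digest("hex");
}

// Check one bundled file against SHA-256 fingerprints of the server chain.
function checkPinFile(name, buf, chainFingerprints) {
  const problems = [];
  const encoding = detectEncoding(buf);
  if (!name.toLowerCase().endsWith(".cer")) problems.push("extension is not .cer");
  if (encoding !== "der") problems.push(`content is ${encoding}, not DER`);
  else if (derDeclaredLength(buf) !== buf.length)
    problems.push("DER length differs from file size (truncated or trailing bytes)");
  const fingerprint = sha256Hex(encoding === "pem" ? pemToDer(buf) : buf);
  const matchesChain = chainFingerprints.includes(fingerprint);
  if (!matchesChain) problems.push("matches no certificate in the server chain");
  return { encoding, fingerprint, matchesChain, problems };
}

// Constructed sample: DER-shaped placeholder bytes, not a real certificate.
const sampleDer = Buffer.concat([Buffer.from([0x30, 0x82, 0x01, 0x00]), Buffer.alloc(256, 0xab)]);
const samplePem = Buffer.from(
  `-----BEGIN CERTIFICATE-----\n${sampleDer.toString("base64")}\n-----END CERTIFICATE-----\n`);
const sampleChain = [sha256Hex(sampleDer)]; // stands in for the server's chain
console.log(checkPinFile("intermediate.cer", samplePem, sampleChain).problems);
```

A PEM file renamed to `.cer` passes an extension check but is reported here as not DER, and a DER file with stray trailing bytes no longer matches any chain fingerprint.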
