Dear all,
our client needed to install a new CA certificate on their server (On-Premise OutSystems).The app which we have build is not working anymore.THhe devices they are using are scanners still running Android 10.So installing a new trusted CA certificate should be done manually, but after doing this the certificate is found in the user-folder instead of the system-folder.Also the app is still not working. Does anybody has an idea how to fix this?Rebuild and install a new APK? Or other ideas are welcome to.Best regards,Jeroen Vormer
I already build a cordova plugin to overwrite the cinfig file during build.
Could you please provide steps for this so we can follow the same
The issue with Android 10 devices failing to work after a new CA certificate is installed, particularly when the certificate is in the user folder instead of the system folder, is due to Android's stricter certificate trust policies.
Starting with Android 10, applications no longer trust certificates from the user-added certificate store by default. Certificates must be in the system store to be trusted by applications unless additional configuration is made in the app.
To resolve this issue for your OutSystems app, follow these steps:
If moving the certificate to the system store is not an option, you can configure the app to trust user-installed certificates by adding a custom network_security_config.xml file. Here's how:
network_security_config.xml
Open your OutSystems app in Service Studio.
Add an override file for the Network Security Configuration by following the steps outlined in the OutSystems documentation.
Network Security Configuration
Define the configuration to trust certificates in the user store. For example:
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config cleartextTrafficPermitted="true"> <trust-anchors> <certificates src="user"/> <certificates src="system"/> </trust-anchors> </domain-config> </network-security-config>
Publish the updated app and rebuild the APK or AAB files.
Android devices validate the entire certificate chain. If there are intermediate certificates that aren’t installed on the server or the devices, the app may fail to connect even if the root certificate is trusted. Make sure:
Testing across Android versions will help confirm the issue is indeed specific to certificate policies on Android 10. If it works on devices running older Android versions but fails on Android 10+, the steps above should resolve the issue.
If the app still fails even after applying these steps, consider opening a support ticket with OutSystems. Provide details about the CA certificate, server configuration, and devices where the issue is observed. The support team can help investigate further or provide additional solutions.
For more information on dealing with certificates in OutSystems Cloud or on-premise environments, check these articles: How OutSystems protects your Android and iOS certificates.
how to overwrite network security config file..since build generation.if adding under resources.not overwrite..pls suggest
network security config file how we can overwrite..is build generation file where can edit pls support
@Gowthaman vijayakumaranHave a look at: https://github.com/VormerICT/add-user-certificates.git .You can also put this in your Extensibility Configurations:
{ "plugin": { "url": "https://github.com/VormerICT/add-user-certificates.git" }}
Also (according to https://success.outsystems.com/documentation/11/deploying_apps/mobile_apps_packaging_and_delivery/customize_your_mobile_app/extensibility_configurations_json_schema/) this should work when adding in Extensibility Configurations:
{ "preferences": { "global": [ { "name":"RemoveUserCertificates", "value":"false" } ] }}