I am developing PhoneGap application, that consumes web service via AJAX calls. Service is running on HTTPS using self-signed SSL certificate. I tried to edit config.xml in different ways, using cordova-plugin-whitelist v1.2.1
access origin="*"
and
allow-intent href="http://*/*"
allow-intent href="https://*/*"
allow-navigation href="http://*/*"
allow-navigation href="https://*/*"
After some digging here, I found out, that usage of self-signed certificates in PhoneGap app may lead to SSL error, that is not shown when app is running, resulting in unavailability to perform AJAX calls (though on Android, surprisingly, everything works, problem exists on iOS and WP8/10 devices). I read about overriding "onSSLError" procedures in application sources, and doing so made my application work, but I have to upload that app to stores, meaning I can not use this workaround. On the other hand I am trying to evade necessity to issue authorized SSL cert because it costs. I decided to manually install my certificate on test devices prior to installing actual application. I did so, but it didn't help - application still has no network connection and cannot consume remote service.
So my question is, had anyone tried to use manually installed self-signed certificates with PhoneGap apps and did it actually worked?
After 24-hour exploration I was finally convinced, that iPhone and WindowsPhone devices reject self-signed certificates even in case they were installed prior to application installation. Only Android allows to talk to HTTPS AJAX with unverified certificates.
So the answer is: if you are building PhoneGap application and want to have secured HTTPS connection via AJAX, use CA certificates.