We decided to use ssl in sync gateway component. There are mobile clients which have cblite in their tablet.
I generated my own self-signed certificate and run the local sync gateway with this certificate. I’m able to connect sync gw api (such as _changes) through https in my browser. Then my colleague needed to use this certificated sync gw in his computer to debug. Until now, we were using classical “ws:…” approach. He replaced with “wss:…” But he gets “The remote certificate is invalid according to the validation procedure”.
Then based on blog post (https://blog.couchbase.com/certificate-pinning-android-with-couchbase-mobile/) , we used pinning mechanism. I generated .cer file and shared with my collague. However, this time he gets "WebSocket error 401 “CouchbaseLiteException (WebSocketDomain / 401): (unknown HTTP status)” message.
To get TLS working with self-signed certs, you don’t have to do anything beyond cert pinning. As long as the pinned cert is valid and pinned correctly , it should work.
Did you try testing it from a browser on your colleague’s computer/phone ? (i.e. not just localhost). What is the common name on your cert ?
On related note, since time of writing of blog, there have been enhancements to Android such as Network Configuration to support cert pinning - you may want to consider those. This post discusses various alternatives.
It is not clear if cert validation is failing. A 401 could also imply that there was an issue authenticating the client. What do the the logs from sync gateway and couchbase lite say ? (enable debug mode) .