Wss connection between sync gateway and cb lite


We decided to use ssl in sync gateway component. There are mobile clients which have cblite in their tablet.

I generated my own self-signed certificate and run the local sync gateway with this certificate. I’m able to connect sync gw api (such as _changes) through https in my browser. Then my colleague needed to use this certificated sync gw in his computer to debug. Until now, we were using classical “ws:…” approach. He replaced with “wss:…” But he gets “The remote certificate is invalid according to the validation procedure”.

Then based on blog post ( , we used pinning mechanism. I generated .cer file and shared with my collague. However, this time he gets "WebSocket error 401 “CouchbaseLiteException (WebSocketDomain / 401): (unknown HTTP status)” message.

Could you help us regarding this issue?


To get TLS working with self-signed certs, you don’t have to do anything beyond cert pinning. As long as the pinned cert is valid and pinned correctly , it should work.

Did you try testing it from a browser on your colleague’s computer/phone ? (i.e. not just localhost). What is the common name on your cert ?

On related note, since time of writing of blog, there have been enhancements to Android such as Network Configuration to support cert pinning - you may want to consider those. This post discusses various alternatives.

It is not clear if cert validation is failing. A 401 could also imply that there was an issue authenticating the client. What do the the logs from sync gateway and couchbase lite say ? (enable debug mode) .


We understood that we had a login problem to sync gw. When we fixed it, the problem was gone.

One more question, if we have a CA approved certificate in sync gateway, should we still handle pinning or there is nothing to do?


It is not required to pin certs if it is issued by a trusted CA that the client will able to validate.

But if man-in-the-middle-attacks are a concern, you can pin CA certs as well. The blog you referred to discuses the uses for cert pinning.