My application performs some HR related functions. When the user hits “apply leave” button, at the back-end it validates against employer credentials. If everything is fine then code is written that hits an Apache server (URL is over HTTP).
In order that every request from my application to the server should be done in secure way, we should convert that from Http to Https. I know the process in the case of web application to server, like installing the certs in server, but how I do that in case of mobile application?
Mobile applications are exactly the same here; they also simply use HTTP (or HTTPS) traffic to communicate with the server.
You may sometimes run into two issues. First, you may have http URLs hard coded throughout the site that inadvertently switch your users back to http. Second, you may have outside URLs (such as CDNs etc.) that don’t use https.
A third issue is that it’s not enough to simply turn on HTTPS and think you are all done. You will need to carefully tune the ciphers to avoid insecure configurations.
Source : Link , Question Author : Community , Answer Author : Kevin Keane