diff --git a/README.md b/README.md
index 93aa153..093654c 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,8 @@ Set a header for all future requests.  Takes a header and a value.
 ### enableSSLPinning
 Enable or disable SSL pinning.  To use SSL pinning you must include at least one .cer SSL certificate in your app project.  For ios include your certificate in the root level of your bundle (just add the .cer file to your project/target at the root level).  For android include your certificate in your project's platforms/android/assets folder.  In both cases all .cer files found will be loaded automatically.  If you only have a .pem certificate see this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729).  You want to convert it to a DER encoded certificate with a .cer extension.
 
+As an alternative, you can store your .cer files in the www/certificates folder.
+
     cordovaHTTP.enableSSLPinning(true, function() {
         console.log('success!');
     }, function() {
diff --git a/src/android/com/synconset/CordovaHTTP/CordovaHttpPlugin.java b/src/android/com/synconset/CordovaHTTP/CordovaHttpPlugin.java
index 6799168..b2cf398 100644
--- a/src/android/com/synconset/CordovaHTTP/CordovaHttpPlugin.java
+++ b/src/android/com/synconset/CordovaHTTP/CordovaHttpPlugin.java
@@ -39,9 +39,9 @@ import com.github.kevinsawicki.http.HttpRequest;
 
 public class CordovaHttpPlugin extends CordovaPlugin {
     private static final String TAG = "CordovaHTTP";
-    
+
     private HashMap<String, String> globalHeaders;
-    
+
     @Override
     public void initialize(CordovaInterface cordova, CordovaWebView webView) {
         super.initialize(cordova, webView);
@@ -118,11 +118,11 @@ public class CordovaHttpPlugin extends CordovaPlugin {
         loginInfo = "Basic " + Base64.encodeToString(loginInfo.getBytes(), Base64.NO_WRAP);
         this.globalHeaders.put("Authorization", loginInfo);
     }
-    
+
     private void setHeader(String header, String value) {
         this.globalHeaders.put(header, value);
     }
-    
+
     private void enableSSLPinning(boolean enable) throws GeneralSecurityException, IOException {
         if (enable) {
             AssetManager assetManager = cordova.getActivity().getAssets();
@@ -137,7 +137,18 @@ public class CordovaHttpPlugin extends CordovaPlugin {
                     }
                 }
             }
-            
+
+            // scan the www/certificates folder for .cer files as well
+            files = assetManager.list("www/certificates");
+            for (int i = 0; i < files.length; i++) {
+              index = files[i].lastIndexOf('.');
+              if (index != -1) {
+                if (files[i].substring(index).equals(".cer")) {
+                  cerFiles.add("www/certificates/" + files[i]);
+                }
+              }
+            }
+
             for (int i = 0; i < cerFiles.size(); i++) {
                 InputStream in = cordova.getActivity().getAssets().open(cerFiles.get(i));
                 InputStream caInput = new BufferedInputStream(in);
@@ -148,22 +159,22 @@ public class CordovaHttpPlugin extends CordovaPlugin {
             CordovaHttp.enableSSLPinning(false);
         }
     }
-    
+
     private HashMap<String, String> addToMap(HashMap<String, String> map, JSONObject object) throws JSONException {
         HashMap<String, String> newMap = (HashMap<String, String>)map.clone();
         Iterator<?> i = object.keys();
-        
+
         while (i.hasNext()) {
             String key = (String)i.next();
             newMap.put(key, object.getString(key));
         }
         return newMap;
     }
-    
+
     private HashMap<String, Object> getMapFromJSONObject(JSONObject object) throws JSONException {
         HashMap<String, Object> map = new HashMap<String, Object>();
         Iterator<?> i = object.keys();
-        
+
         while(i.hasNext()) {
             String key = (String)i.next();
             map.put(key, object.get(key));
diff --git a/src/ios/AFNetworking/AFSecurityPolicy.m b/src/ios/AFNetworking/AFSecurityPolicy.m
index f11caaa..3570316 100644
--- a/src/ios/AFNetworking/AFSecurityPolicy.m
+++ b/src/ios/AFNetworking/AFSecurityPolicy.m
@@ -179,12 +179,17 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
     dispatch_once(&onceToken, ^{
         NSBundle *bundle = [NSBundle bundleForClass:[self class]];
         NSArray *paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"."];
-
         NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[paths count]];
         for (NSString *path in paths) {
             NSData *certificateData = [NSData dataWithContentsOfFile:path];
             [certificates addObject:certificateData];
         }
+        // also add certs from www/certificates
+        paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"www/certificates"];
+        for (NSString *path in paths) {
+            NSData *certificateData = [NSData dataWithContentsOfFile:path];
+            [certificates addObject:certificateData];
+        }
 
         _defaultPinnedCertificates = [[NSArray alloc] initWithArray:certificates];
     });