diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6516a72..8a522c9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - :warning: **Breaking Change**: Removed AngularJS (v1) integration service
 - :warning: **Breaking Change**: Removed "enableSSLPinning" and "acceptAllCerts", use "setSSLCertMode" instead
+- :warning: **Breaking Change**: Certificates must be placed in "www/certificates" folder
 ## 1.11.1
diff --git a/README.md b/README.md
index b2c3d9b..4de62bc 100644
--- a/README.md
+++ b/README.md
@@ -135,9 +135,9 @@ Set SSL Cert handling mode, being one of the following values:
 * `nocheck`: disable SSL cert checking, trusting all certs (meant to be used only for testing purposes)
 * `pinned`: trust only provided certs
-To use SSL pinning you must include at least one .cer SSL certificate in your app project. You can pin to your server certificate or to one of the issuing CA certificates. For ios include your certificate in the root level of your bundle (just add the .cer file to your project/target at the root level). For android include your certificate in your project's platforms/android/assets folder. In both cases all .cer files found will be loaded automatically. If you only have a .pem certificate see this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729). You want to convert it to a DER encoded certificate with a .cer extension.
+To use SSL pinning you must include at least one `.cer` SSL certificate in your app project. You can pin to your server certificate or to one of the issuing CA certificates. Include your certificate in the `www/certificates` folder. All `.cer` files found there will be loaded automatically.
-As an alternative, you can store your .cer files in the www/certificates folder.
+:warning: Your certificate must be DER encoded! If you only have a PEM enoceded certificate see this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729). You want to convert it to a DER encoded certificate with a .cer extension.
 ```js
 // enable SSL pinning
diff --git a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
index ccf218c..df16753 100644
--- a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
+++ b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
@@ -136,22 +136,11 @@ public class CordovaHttpPlugin extends CordovaPlugin {
 private void loadSSLCerts() throws GeneralSecurityException, IOException {
 AssetManager assetManager = cordova.getActivity().getAssets();
- String[] files = assetManager.list("");
- int index;
+ String[] files = assetManager.list("www/certificates");
 ArrayList cerFiles = new ArrayList();
- for (int i = 0; i < files.length; i++) {
- index = files[i].lastIndexOf('.');
- if (index != -1) {
- if (files[i].substring(index).equals(".cer")) {
- cerFiles.add(files[i]);
- }
- }
- }
- // scan the www/certificates folder for .cer files as well
- files = assetManager.list("www/certificates");
 for (int i = 0; i < files.length; i++) {
- index = files[i].lastIndexOf('.');
+ int index = files[i].lastIndexOf('.');
 if (index != -1) {
 if (files[i].substring(index).equals(".cer")) {
 cerFiles.add("www/certificates/" + files[i]);
diff --git a/src/ios/AFNetworking/AFSecurityPolicy.m b/src/ios/AFNetworking/AFSecurityPolicy.m
index 70418cb..4c04e22 100644
--- a/src/ios/AFNetworking/AFSecurityPolicy.m
+++ b/src/ios/AFNetworking/AFSecurityPolicy.m
@@ -156,16 +156,9 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
 @implementation AFSecurityPolicy
 + (NSSet *)certificatesInBundle:(NSBundle *)bundle {
- NSArray *paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"."];
-
+ NSArray *paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"www/certificates"];
 NSMutableSet *certificates = [NSMutableSet setWithCapacity:[paths count]];
- for (NSString *path in paths) {
- NSData *certificateData = [NSData dataWithContentsOfFile:path];
- [certificates addObject:certificateData];
- }
-
- // also add certs from www/certificates
- paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"www/certificates"];
+
 for (NSString *path in paths) {
 NSData *certificateData = [NSData dataWithContentsOfFile:path];
 [certificates addObject:certificateData];
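Review bot: In `loadSSLCerts()` in CordovaHttpPlugin.java nothing in the visible lines reacts when `assetManager.list("www/certificates")` yields no `.cer` entries, so an app that still ships its certificates at the old asset root ends up with an empty pin set and no signal that the migration was missed. The same gap exists in `certificatesInBundle:` in AFSecurityPolicy.m, which now reads only `www/certificates`. Whether `pinned` mode then rejects every connection or behaves differently is decided outside this hunk (the function body continues past it), so the failure should be made explicit right after the scan loop, for example `if (cerFiles.isEmpty()) throw new IOException("no .cer files found in www/certificates");`, assuming this method is only reached when pinning is requested. A short comment above the `list` call naming the folder as the single supported location would also help the next reader.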
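Review bot: In `certificatesInBundle:` the loop still hands the result of `[NSData dataWithContentsOfFile:path]` straight to `addObject:`; that call returns nil when the file cannot be read, and `-[NSMutableSet addObject:]` raises on nil, so a single unreadable `.cer` aborts loading of the whole pin set. A guard such as `if (certificateData) { [certificates addObject:certificateData]; }`, ideally with a log line for the skipped path, keeps the failure diagnosable. The loop also stores the raw bytes without checking their encoding, so a comment above the `pathsForResourcesOfType:` call stating that only DER-encoded files under `www/certificates` are expected would document the contract the README describes. The loop body closes outside this hunk.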
@@ -284,13 +277,13 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
 // obtain the chain after being validated, which *should* contain the pinned certificate in the last position (if it's the Root CA)
 NSArray *serverCertificates = AFCertificateTrustChainForServerTrust(serverTrust);
-
+
 for (NSData *trustChainCertificate in [serverCertificates reverseObjectEnumerator]) {
 if ([self.pinnedCertificates containsObject:trustChainCertificate]) {
 return YES;
 }
 }
-
+
 return NO;
 }
 case AFSSLPinningModePublicKey: {
@@ -307,7 +300,7 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
 return trustedPublicKeyCount > 0;
 }
 }
-
+
 return NO;
 }