Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Android and the fly likes Client SSL Certificates without keystores Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Mobile » Android
Bookmark "Client SSL Certificates without keystores" Watch "Client SSL Certificates without keystores" New topic

Client SSL Certificates without keystores

Don Henderson

Joined: Mar 14, 2011
Posts: 2

Hi all - new here!
I know this is a can of worms, but I'm implementing an API in an android app, which needs client authentication using a certificate.
I really don't want to use keystores and truststores and bouncy castle etc as it only adds complexity - this needs to be run at startup, and should be as quick and painless as possible. I don't want to depend on a whole JAR just for that functionality.

So, in any other language (thinking Ruby and C in particular), I can just read the .pem from a file, or even hard-code it in.
I've read about the Certificate, X509Certificate and SSLSocketFactory in java/android, but there doesn't seem to be an easy way to just present this to a client and say "go for it".

Has anyone done this, either in "android java" or even normal java who could give me some pointers or a code snippet. Eternal love and appreciation will go the way of anyone who can.

Perry Hoekstra

Joined: Dec 07, 2010
Posts: 28
I did not think that *.pem files were supported in Android, only *.p12 (PKCS#12).
I agree. Here's the link:
subject: Client SSL Certificates without keystores
jQuery in Action, 3rd edition