aspose file tools
The moose likes Android and the fly likes HTTPS Validate Certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Mobile » Android
Reply Bookmark "HTTPS Validate Certificate" Watch "HTTPS Validate Certificate" New topic
Author

HTTPS Validate Certificate

Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

I like...
Android Java Java ME
posted
0
Quote
Hello,

I am calling web service from my android client via https. I got to validate the certificate receive from server side. How do I do that ? At present this is my code that I use to call a web service.


How do I validate a self-signed certificate received from server during performing Post ? I got to do testing via public/private keys. Client will have a CA file. Ijust need the client to verify the server certificate using the CA, the service is public .This has to do with public/private key.

Any help is highly appreciated.

Regards,
Trupti (SCJP)
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35444
    
    9
posted
0
Quote
How would the CA know about a self-signed certificate?

Android appsImageJ pluginsJava web charts
Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

I like...
Android Java Java ME
posted
0
Quote
That's what my point incldes. How do I test and get the certificate received from server ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35444
    
    9
posted
0
Quote
That was a rhetorical question - since no CA knows about the certificate, what should validation entail?
Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

I like...
Android Java Java ME
posted
0
Quote
Ulf Dittmer wrote:That was a rhetorical question - since no CA knows about the certificate, what should validation entail?


Ulf Dittmer, when I call a web service, the server sends a self-signed certificate, and I got to validate it. My first requirement is :
How to get the server's certificate?
Then coems to validate its public key.
Perry Hoekstra
Greenhorn

Joined: Dec 07, 2010
Posts: 28
posted private message
0
Quote
Bob Lee posted on his blog a solution to this:

http://blog.crazybob.org/2010_02_01_archive.html
Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

I like...
Android Java Java ME
posted
0
Quote
Perry Hoekstra wrote:Bob Lee posted on his blog a solution to this:

http://blog.crazybob.org/2010_02_01_archive.html


Yes Perry, already had a look at it. It needs Bouncy Castle's and all. I already have my own "certificate.cer" file. With that how do I work out !!!
Perry Hoekstra
Greenhorn

Joined: Dec 07, 2010
Posts: 28
posted private message
0
Quote
Well, there are a number of approaches to getting this to work. The first approach is to get Android to accept a self-signed cert.

I pointed out one website and here is another: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates

Also, there is also the Signing in Debug Mode: http://developer.android.com/guide/publishing/app-signing.html

I have not used this approach.

The final option is to deal with the self-signed cert programmaticly. This is usually done by implementing a version of the SSL Socket factory class where the verification is always set to true. There are numerous examples including:

http://mobile.synyx.de/2010/06/android-and-self-signed-ssl-certificates
http://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: HTTPS Validate Certificate
 
Similar Threads
Apache HTTP Components SSL Request
java.net.ConnectException: Connection timed out in HttpClient
Login to web server with HttpClient
HttpClient issue on Https Connection (multiple post)
how can i use remote database sqlserver from my andriod application?