my dog learned polymorphism*
The moose likes Android and the fly likes HTTPS Validate Certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Mobile » Android
Bookmark "HTTPS Validate Certificate" Watch "HTTPS Validate Certificate" New topic
Author

HTTPS Validate Certificate

Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

Hello,

I am calling web service from my android client via https. I got to validate the certificate receive from server side. How do I do that ? At present this is my code that I use to call a web service.


How do I validate a self-signed certificate received from server during performing Post ? I got to do testing via public/private keys. Client will have a CA file. Ijust need the client to verify the server certificate using the CA, the service is public .This has to do with public/private key.

Any help is highly appreciated.


Regards,
Trupti (SCJP)
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41182
    
  45
How would the CA know about a self-signed certificate?


Ping & DNS - my free Android networking tools app
Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

That's what my point incldes. How do I test and get the certificate received from server ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41182
    
  45
That was a rhetorical question - since no CA knows about the certificate, what should validation entail?
Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

Ulf Dittmer wrote:That was a rhetorical question - since no CA knows about the certificate, what should validation entail?


Ulf Dittmer, when I call a web service, the server sends a self-signed certificate, and I got to validate it. My first requirement is :
How to get the server's certificate?
Then coems to validate its public key.
Perry Hoekstra
Greenhorn

Joined: Dec 07, 2010
Posts: 28
Bob Lee posted on his blog a solution to this:

http://blog.crazybob.org/2010_02_01_archive.html
Trupti Mehta
Ranch Hand

Joined: Oct 08, 2000
Posts: 79

Perry Hoekstra wrote:Bob Lee posted on his blog a solution to this:

http://blog.crazybob.org/2010_02_01_archive.html


Yes Perry, already had a look at it. It needs Bouncy Castle's and all. I already have my own "certificate.cer" file. With that how do I work out !!!
Perry Hoekstra
Greenhorn

Joined: Dec 07, 2010
Posts: 28
Well, there are a number of approaches to getting this to work. The first approach is to get Android to accept a self-signed cert.

I pointed out one website and here is another: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates

Also, there is also the Signing in Debug Mode: http://developer.android.com/guide/publishing/app-signing.html

I have not used this approach.

The final option is to deal with the self-signed cert programmaticly. This is usually done by implementing a version of the SSL Socket factory class where the verification is always set to true. There are numerous examples including:

http://mobile.synyx.de/2010/06/android-and-self-signed-ssl-certificates
http://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HTTPS Validate Certificate
 
Similar Threads
how can i use remote database sqlserver from my andriod application?
java.net.ConnectException: Connection timed out in HttpClient
Apache HTTP Components SSL Request
HttpClient issue on Https Connection (multiple post)
Login to web server with HttpClient