Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

HTTPS Validate Certificate

 
Ranch Hand
Posts: 79
Android Java ME Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I am calling web service from my android client via https. I got to validate the certificate receive from server side. How do I do that ? At present this is my code that I use to call a web service.


How do I validate a self-signed certificate received from server during performing Post ? I got to do testing via public/private keys. Client will have a CA file. Ijust need the client to verify the server certificate using the CA, the service is public .This has to do with public/private key.

Any help is highly appreciated.
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How would the CA know about a self-signed certificate?
 
Trupti Mehta
Ranch Hand
Posts: 79
Android Java ME Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's what my point incldes. How do I test and get the certificate received from server ?
 
Ulf Dittmer
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That was a rhetorical question - since no CA knows about the certificate, what should validation entail?
 
Trupti Mehta
Ranch Hand
Posts: 79
Android Java ME Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:That was a rhetorical question - since no CA knows about the certificate, what should validation entail?



Ulf Dittmer, when I call a web service, the server sends a self-signed certificate, and I got to validate it. My first requirement is :
How to get the server's certificate?
Then coems to validate its public key.
 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bob Lee posted on his blog a solution to this:

http://blog.crazybob.org/2010_02_01_archive.html
 
Trupti Mehta
Ranch Hand
Posts: 79
Android Java ME Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Perry Hoekstra wrote:Bob Lee posted on his blog a solution to this:

http://blog.crazybob.org/2010_02_01_archive.html



Yes Perry, already had a look at it. It needs Bouncy Castle's and all. I already have my own "certificate.cer" file. With that how do I work out !!!
 
Perry Hoekstra
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, there are a number of approaches to getting this to work. The first approach is to get Android to accept a self-signed cert.

I pointed out one website and here is another: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates

Also, there is also the Signing in Debug Mode: http://developer.android.com/guide/publishing/app-signing.html

I have not used this approach.

The final option is to deal with the self-signed cert programmaticly. This is usually done by implementing a version of the SSL Socket factory class where the verification is always set to true. There are numerous examples including:

http://mobile.synyx.de/2010/06/android-and-self-signed-ssl-certificates
http://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html
 
    Bookmark Topic Watch Topic
  • New Topic