Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android application with SSL

I know that this particular topic was asked many times, but unfortunately in my case none of them are working. For past few days I was trying to get it to functional state, but I failed every time, so I finally come here to ask.

I have a webservice on server with self-signed certificate. I can access wsdl file if I enter address into browser. Browser just remind me, that there is some issues with cert. and if I hit continue, everything works. Sadly I know very little about SSL, because its first time I made an application with SSL communication. In application I'll only get exception "No peer certificate" or "Trust anchor path not found" depends on type of "solution" I used.

I ran test on sslhopper.com and I get a warning that "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate." Is this a serious issue in Android development or it could be resolved by some code?

So my question is actually, how can I do in application make "hit the continue button" or anything to make it actually connected to the server. In this case is it problem with certificate itself or am I doing something wrong on the application itself?

like image 982
Michal Žídek Avatar asked Nov 12 '22 20:11

Michal Žídek


1 Answers

If you are trying to do client authentication, you need two things:

  1. the CA certificate that issued the server certificate
  2. a client certificate for your app.

You have to put 1. in the trust store and 2. in the keystore for your app. The sample code expects a PCKS#12 as the keystore, do you have one? What files have you been given? At this point it might be good to read the JSSE reference so you have an idea how the system works:

http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

like image 184
Nikolay Elenkov Avatar answered Nov 15 '22 10:11

Nikolay Elenkov