Android DefaultHttpClient accept all certificates for SSL session help

Question

I am attempting to connect to a local HTTPS server using the apache DefaultHttpClient on a Android device.

 DefaultHttpClient httpclient = new DefaultHttpClient();
 HttpPost httppost = new HttpPost("http://192.168.1.121:4113/services");
 ... header and content filling in ...
 HttpResponse response = httpclient.execute(httppost);

I am getting an error of "javax.net.ssl SSLException: Not trusted server certificate" when the .execute runs. I want to simply allow any certificate to work, regardless of if it is or is not in the android key chain.

I have spent about 40 hours researching and trying to figure out a workaround for this issue. I have seen many examples of how to do this but none so far have worked in Android; they seem to only work for JAVA. Does anyone know how to configure, or override the certificate validation used by the Apache HttpClient in Android so that it will just approve all certificates for a DefaultHttpClient connection?

I thank you for your kind response

Answer 1

If anyone is still trying to figure this out I ended up going with the solution here:

HTTPS GET (SSL) with Android and self-signed server certificate

Scroll down to the solution by SimonJ. It is a simple straight forward solution to this problem.

Answer 2

Look at this tutorial http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/

The tutorial is based on Apache's HttpClient and explains how to use the SSLSocketFactory to trust the defined certificates in your own keystore (also explained how you can create it with the BouncyCastle provider).

I've tested it and it works great. In my opinion this is the secure way.