Recently I have been working on a project that has implemented SSL.
The SSL cert expires once per year, and it throws an exception in Android after I renew the cert on the server.
06-13 11:20:27.709: D/allenj(30076): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
After looking through the project code, I saw there is a bks file. So, does it mean I have to update the bks file once per year, and re-upload the app to Google Play as well?
The problem is what is the standard way to cope with the renewal of the SSL cert? Thanks for helping.
Code extract
    import java.io.InputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    import android.widget.EditText;

    Runnable Register_runnable = new Runnable() {
        @Override
        public void run() {
            EditText emailText = (EditText) findViewById(R.id.editText1regist);
            EditText pwText = (EditText) findViewById(R.id.editText2registpw);
            String end = "\r\n";
            String twoHyphens = "--";
            String boundary = "*****";
            try {
                // Load the keystore bundled with the app (res/raw/ballooncardbks).
                KeyStore keyStore = KeyStore.getInstance("BKS");
                InputStream in =
                        getResources().openRawResource(R.raw.ballooncardbks);
                keyStore.load(in, "".toCharArray());
                // Trust only the certificates contained in that keystore.
                TrustManagerFactory tmf =
                        TrustManagerFactory.getInstance("X509");
                tmf.init(keyStore);
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, tmf.getTrustManagers(), null);
                String actionUrl = "https://app.ballooncard.com/api/client/register/format/json";
                URL url = new URL(actionUrl);
                HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
                // con.setDoInput(true);
                con.setDoOutput(true);
                con.setUseCaches(false);
                con.setRequestMethod("POST");
                // Use the socket factory backed by the bundled keystore for this connection.
                con.setSSLSocketFactory(context.getSocketFactory());
                con.setRequestProperty("Connection", "Keep-Alive");
                con.setRequestProperty("Charset", "UTF-8");
                con.setRequestProperty("Content-Type", "multipart/form-data;boundary=" + boundary);
                // The extract ends here in the original post.
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    };
Go to your phone settings. Click on security. Navigate to advanced encryption & credentials. Under credential storage, click on install certificate.
"myconfluence.com" Click on Check SSL. A transparent client SSL/TLS session will then be established to your remote server speaking SSL/TLS. This test makes sure the certificate is correctly installed, valid, trusted and doesn't give any errors to any of your users.
SSL (Secure Sockets Layer) certificate pinning, or pinning for short, is the process of associating a host with its certificate or public key. Once you know a host's certificate or public key, you pin it to that host.
Looks like the app is using "certificate pinning", which means that a certificate has been hardcoded into the app, and the app has been instructed to accept only that certificate and no other.
This increases security at the expense that you need to update your app when (ideally before) the certificate expires. You can follow the instructions from a post I created here: https://stackoverflow.com/a/24007536/276949 to generate a new .bks file from your certificate. Once this is done, overwrite your old .bks file and your app should successfully connect via SSL.
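The pinning definition above mentions pinning either a host's certificate or its public key. As an added example (not part of the original question or answer), the script below shows how the two behave at renewal. It assumes the `openssl` CLI is installed, and uses throwaway keys and the constructed host name `app.example.test`.

```shell
#!/bin/sh
# Added example: all keys and certificates are constructed throwaway material.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# SHA-256 fingerprint of the whole certificate (what a certificate pin matches).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Base64 SHA-256 of the SubjectPublicKeyInfo (what a public-key pin matches).
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -binary \
        | openssl enc -base64
}

# issue_cert <key> <out> <days>: self-signed certificate for an existing key.
issue_cert() {
    openssl req -x509 -new -key "$1" -out "$2" -days "$3" \
        -subj "/CN=app.example.test" 2>/dev/null
}

# Original certificate, then a renewal that reuses the same key pair.
openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
issue_cert "$WORK/server.key" "$WORK/cert_old.pem" 365
issue_cert "$WORK/server.key" "$WORK/cert_renewed.pem" 730

# A renewal that also rotates the key pair.
openssl genrsa -out "$WORK/rotated.key" 2048 2>/dev/null
issue_cert "$WORK/rotated.key" "$WORK/cert_rotated.pem" 365

for c in cert_old cert_renewed cert_rotated; do
    printf '%-13s cert=%.23s...  spki=%s\n' "$c" \
        "$(cert_fingerprint "$WORK/$c.pem")" "$(spki_pin "$WORK/$c.pem")"
done
```

The certificate fingerprint differs on all three lines, while the `spki` value is identical for `cert_old` and `cert_renewed` and changes only for `cert_rotated`.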