
How to enable a self-signed certificate for SSL sockets on Android?

Tags: android, ssl

I have a self-signed server certificate (cert.pem) and need to enable it for SSL sockets in an Android application. Ideally I'd like to package the code as a .jar file and not need an external certificate file (i.e. include it in the code).

With this code I can accept all certificates, which is not what I want:

SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager [] { new MyTrustManager() }, new SecureRandom());

Do I need to add the certificate to a custom KeyManager or the custom TrustManager?

One problem I've encountered is that Android does not accept JKS keystores (KeyStore.getDefaultType() returns "BKS"): "java.security.KeyStoreException: KeyStore JKS implementation not found"

Any ideas how to proceed would be highly appreciated!

Chris asked Jul 16 '10 13:07


1 Answer

Yes, you need to add the certificate to a custom KeyStore. It is basically a 4-step process:

  1. Obtain your server certificate.
  2. Import the server certificate to a keystore as a raw resource in your application. The KeyStore type must be BKS.
  3. Create your own TrustManager in your Java/Android program to load the certificate into an SSLContext.
  4. Use that SSLContext for your SSL connections.

See this link for detailed instructions and sample code:
http://randomizedsort.blogspot.com/2010/09/step-to-step-guide-to-programming.html

Good luck.
Nehc

user444552 answered Nov 09 '22 08:11
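
The four steps from the answer above, as an added example (not code from the answer or from the linked guide). It uses the platform's TrustManagerFactory rather than a hand-written TrustManager, and adds a host name check because a raw SSLSocket does not perform one; the class name, the raw resource id parameter and the keystore password are assumptions.

```java
import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedSslSockets { // hypothetical class name
    private PinnedSslSockets() {}

    /** Steps 2-3: load the BKS keystore from res/raw and trust only what it contains. */
    public static SSLContext contextFor(Context ctx, int rawKeystoreId, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore trusted = KeyStore.getInstance("BKS");
        // rawKeystoreId is the app's own resource id for the bundled keystore (assumption)
        InputStream in = ctx.getResources().openRawResource(rawKeystoreId);
        try {
            trusted.load(in, password);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted); // the bundled certificate is the only trust anchor
        SSLContext sc = SSLContext.getInstance("TLS");
        // KeyManager stays null: it is only needed for client certificates
        sc.init(null, tmf.getTrustManagers(), null);
        return sc;
    }

    /** Step 4: open a socket, complete the handshake, then check the host name. */
    public static SSLSocket connect(SSLContext sc, String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) sc.getSocketFactory().createSocket(host, port);
        try {
            socket.startHandshake(); // fails here if the chain is not in the keystore
            if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(host, socket.getSession())) {
                throw new SSLPeerUnverifiedException("certificate does not match " + host);
            }
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }
}
```

The self-signed certificate has to name the host you connect to, otherwise the host name check rejects the connection even though the certificate itself is trusted.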