
Receive & Validate certificate from server HTTPS - android

I am calling a web service from my Android client via HTTPS. I have to validate the certificate received from the server side. How do I do that? At present this is the code that I use to call a web service.

private static String SendPost(String url, ArrayList<NameValuePair> pairs) {   // url = "https://....."
    errorMessage = "";
    String response = "";

    DefaultHttpClient hc = new DefaultHttpClient();
    ResponseHandler<String> res = new BasicResponseHandler();
    HttpPost postMethod = new HttpPost(url);

    try {
        postMethod.setEntity(new UrlEncodedFormEntity(pairs));
        response = hc.execute(postMethod, res);
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }

    return response;
}

How do I validate a self-signed certificate received from the server while performing the POST? I have to do testing via public/private keys. The client will have a CA file. I just need the client to verify the server certificate using the CA; the service is public. This has to do with public/private keys. How can I receive the certificate from the server before calling the POST?

There are several options and code snippets available on Stack Overflow. A couple of links I found with multiple answers are: "Accepting a certificate for HTTPs on Android" and "HTTPS GET (SSL) with Android and self-signed server certificate".

But I can't make out which is good/applicable for me! I don't want to disable all or accept any. I have to check the public/private keys.

Any help is highly appreciated.

Tvd asked Apr 18 '11 08:04


1 Answer

Bob Lee wrote a nice blog post on how to use SSL certificates with Android. I think it is applicable to your case: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

You just have to create a KeyStore containing your self-signed certificate and use the custom HttpClient implementation described in that post.


UPDATE:

Host name validation can be customized by setting a custom X509HostnameVerifier on the SSLSocketFactory. Some implementations are already available in Android: AllowAllHostnameVerifier, BrowserCompatHostnameVerifier, StrictHostnameVerifier.

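/* ... */
public class MyHostnameVerifier extends AbstractVerifier {
  // AbstractVerifier extracts the peer certificate's CNs and subjectAltNames
  // and passes them to this method; throw SSLException to reject the host.
  @Override
  public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
    boolean checked = false;  // fail closed unless the checks below succeed
    /* made some checks... */
    if (!checked) {
      throw new SSLException("hostname verification failed for " + host);
    }
  }
}
sslSocketFactory.setHostnameVerifier(new MyHostnameVerifier());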
Jcs answered Nov 15 '22 05:11
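
The approach described in the answer (a KeyStore holding only the CA or self-signed certificate, used as the sole trust anchor), as an added example that is not part of the original question, answer or the linked blog post. It uses the standard javax.net.ssl classes with HttpsURLConnection instead of the question's DefaultHttpClient; the class and method names (PinnedCaClient, contextTrusting, post) are hypothetical, and the CA file is assumed to be supplied as an InputStream, for example from the app's raw resources.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedCaClient {  // hypothetical name, not from the page

    /** Builds an SSLContext that trusts only the CA (or self-signed) certificate in caInput. */
    public static SSLContext contextTrusting(InputStream caInput) throws Exception {
        // Accepts a PEM or DER encoded X.509 certificate.
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caInput);

        // In-memory keystore holding the single trust anchor; system CAs are not included.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    /** POSTs body to url; throws SSLHandshakeException if the chain does not lead to the CA. */
    public static int post(String url, byte[] body, SSLContext context) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory());
        // The default HostnameVerifier stays in place, so the certificate must also match the host.
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body);
        }
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```

Certificate validation happens during the TLS handshake, before any request body is sent, so there is no separate step to fetch and check the certificate ahead of the POST.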