I got a url with https, which has a common certification (which means this url could be visited from the browser and has a https security badge). Now I want to get the info from this url using HttpsUrlConnection, how can I do a certification check.
I am a SSL beginner, so I did some searching. And I got this, which is a self-signed check demo.
I'm wondering if the common https link should be checked like this. Does HttpsUrlConnection do a check, I found on the Android Developers:
If an application wants to trust Certificate Authority (CA) certificates that are not part of the system, it should specify its own X509TrustManager via a SSLSocketFactory set on the HttpsURLConnection.
Does this means I don't need to check the server certificate if I can browse it from a web browser? Can I do a validation like the web browser does? And where can I find the trust store file, can I just make a default key store? Or anybody can tell me how to implement a TrustManager(I do want a validation, not a trust manager that trust anything).
