I am developing an Android application which interacts with my server. For including the SSL layer, I created a self-signed certificate for my server. So, at present when I access my server through a browser, it sends that certificate and once I save it, all works fine in the browser.
But I am not sure how I can move ahead so that my Android app will communicate effectively with the server. The thing I know so far is that I need to generate a keystore (.bks) for my Android application and pass it on to TrustManager. I found various tutorials to generate the keystore but I am getting confused at a few points:
- Will I need any info regarding the server's certificate for generating this keystore?
- Is there any way through which I can replicate the browser-like functionality in the application? (If the certificate is not from a trusted CA, add it to the list if the user confirms that.)
- How will the server trust my keystore?
I might be mixing some of the concepts because I read a lot of articles regarding all this. The articles/questions that I have already referred to are: