3

My Android App is connecting to https self-signed server & it is working fine with using client certificates (.cer file).

Can Android App be connected to https self-signed server WITHOUT using client Certificates. --> If answers is YES then which library can be used for that. I know this would not be best method to achieve as it is https server, but this is what i need.

BNK
  • 23,994
  • 8
  • 77
  • 87
Ravi
  • 102
  • 1
  • 1
  • 11
  • Just turn off the SSL Certificate check, cant tell you how without knowing what are you using to connect. – Nanoc Dec 07 '15 at 15:32
  • keyStore.setCertificateEntry("ca", ca); String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); // Create an SSLContext that uses our TrustManager SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); – Ravi Dec 07 '15 at 15:36
  • Above is way i connect to URL in https connection to my URL – Ravi Dec 07 '15 at 15:37
  • Then just create an empty TrustManager like this: http://stackoverflow.com/questions/1201048/allowing-java-to-use-an-untrusted-certificate-for-ssl-https-connection – Nanoc Dec 07 '15 at 15:48
  • See my answer here, it also applies for your reqirement http://stackoverflow.com/questions/32051482/how-can-i-set-signalr-in-android-studio-to-ignore-ssl-issues-for-delvelopement/32051885?s=0|3.1960#32051885. However, IMO, using cert file is better, isn't it? – BNK Dec 07 '15 at 16:14
  • My https server does not require mutual authentication therefore it is not required for client to have any certificate. HTTPS SERVER IS :- https:// So above answer correct for that also ? – Ravi Dec 07 '15 at 16:32

1 Answers1

8

You can use Volley Android library for that.

You will need to add the below code on the onCreate() of your application class. By overwriting the X509Certificate basically you will accept all certificates.

try {
        TrustManager[] victimizedManager = new TrustManager[]{

                new X509TrustManager() {

                    public X509Certificate[] getAcceptedIssuers() {

                        X509Certificate[] myTrustedAnchors = new X509Certificate[0];

                        return myTrustedAnchors;
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    }
                }
        };

        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, victimizedManager, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        });
    } catch (Exception e) {
        e.printStackTrace();
    }
z3n105
  • 1,935
  • 1
  • 15
  • 14
  • My https server does not require mutual authentication therefore it is not required for client to have any certificate. HTTPS SERVER IS :- https:// So above answer correct for that also ? – Ravi Dec 07 '15 at 17:25
  • 1
    This doesn't work on Android N, which requires you to declare your self-signed certificates explicitly. – IgorGanapolsky Sep 30 '16 at 21:46