3

i need to know

  1. What is X509TrustManager and SSL certificate ?
  2. How to use them when establishing an HTTPS connection to a remote host ?
Fady Emad
  • 173
  • 2
  • 11
  • 2
    Have you checked out http://developer.android.com/training/articles/security-ssl.html? This gives some basic examples of establishing an SSL connection as well as setting up a custom TrustManager. – Intervention Feb 28 '16 at 14:31
  • In general, you do not need `X509TrustManager` to make an HTTP connection to a remote host. Mostly, you would use that if the host had a self-signed certificate or something. – CommonsWare Feb 28 '16 at 14:33
  • @Intervention i'll check it. – Fady Emad Feb 28 '16 at 14:51
  • @CommonsWare i don't know what self-signed means, i got this note from google store , that's the mail part 'Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. ' – Fady Emad Feb 28 '16 at 15:16
  • I wrote a blog post about these emails: https://commonsware.com/blog/2016/02/22/about-x509trustmanager-emails.html – CommonsWare Feb 28 '16 at 15:22
  • @CommonsWare thank you, now i understand my problem which i establish a **http** connection for host with **no identity** So, can i make a custom TrustManager to accept all SSL? – Fady Emad Mar 09 '16 at 11:16

0 Answers0