3

I have used two types of Authorized certificates(commercial ca) used in my Android Studio mobile application inside raw folder. first: .crt (for request encryption ) second: .bks ( request to server with SSL Pinning )

my .crt file expiry is 2 year only. I want to renewal my certificate without updating my app to playstore. I have refereed many links. they are saying ,generate new certificate and use it in updated app and update the app in playstore option only.

Note: Please suggest, If any other way, without updating app in play store, i want to renewal my ca in mobile application run-timely.

Thanks Advance

I have refereed below links regarding my ssl certificate renewal 

https://stackoverflow.com/questions/15788714/when-an-ssl-cert-is-renewed-does-an-android-bks-also-need-to-be-updated

https://stackoverflow.com/questions/24197201/how-do-i-update-the-ssl-cert-in-my-android-apps

https://stackoverflow.com/questions/33706984/android-how-to-store-certificate-in-keystore-programmatically

http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/

http://helpdesk.objects.com.au/java/how-do-i-programatically-extract-a-certificate-from-a-site-and-add-it-to-my-keystore

https://stackoverflow.com/questions/2012497/accepting-a-certificate-for-https-on-android

https://stackoverflow.com/questions/40935588/android-update-ssl-certificate
harikrishnan
  • 1,985
  • 4
  • 32
  • 63
  • hi, Did you got any workaround without updating the app ? – Anukool srivastav Jan 02 '18 at 06:03
  • yes..possibilities are there with help of server. but, exactly, I dont know the procedures now. may be will reveal at future. – harikrishnan Jan 02 '18 at 09:27
  • Hi, did you find any solution for this update certificate without update app changes? then please share with us. – Gaurav Mandlik Mar 14 '22 at 09:15
  • If old certificate expired, then, pls download from server at runtime and save it mobile local storage and use it latest ssl certificate, without force upgrading app from play store every time. as of now, I do not have sample code for this task. – harikrishnan Mar 20 '22 at 11:15

1 Answers1

2

No, I'm afraid there's not.

When generating new certificates, the files are refreshed, so the app has to be done.

This has to make you rethink why your "architecture" is working that way, since certificates should be stored in servers, with their own backup and renewal programmed every certain amount of time.

Rafael Ruiz Muñoz
  • 5,333
  • 6
  • 46
  • 92
  • 1
    Certificate pinning is one reason to have certificate information baked into an app. That being said, changing pins requires changing the app. – CommonsWare Jul 07 '17 at 15:12
  • @CommonsWare +1, indeed, my concern was "if you need your certificate to be in the app, you will have to change it. If changing it is an issue, you should review your architecture" – Rafael Ruiz Muñoz Jul 07 '17 at 17:48
  • Feel free to ask more questions about it. Also if you think this answer is valid enough, I would appreciate you to mark it as valid :) – Rafael Ruiz Muñoz Jul 10 '17 at 16:45
  • 1
    finally, we done r&d and found solution for dynamic certificates loading from server. here after, no need to customer force upgrade app from play store for new certificates. app itself, it will auto download ssl certificates. – harikrishnan Mar 23 '18 at 10:25
  • 1
    by the way, if you download ssl certificates from Internet, there could be a man in the middle attack to offer fake SSL certificates and that keeps the same problem – Rafael Ruiz Muñoz Mar 23 '18 at 14:50
  • 2
    @harikrishnan I am looking for the same answer right now. I see you have mentioned that you could solve it with some r&d and now its dynamic. Could you please post it here for my and everyone's reference? – KeyurM Apr 02 '19 at 16:49
  • 1
    @harikrishnan could you share your solution, I am looking for the same answer now? tks. – Quang Dai Ngo May 21 '19 at 02:30