
My app accesses a URL that is secured with a self-signed certificate.

Version 1:

I copied the "selfsigned.crt" file onto the phone, then installed the certificate through Security - Other Security Settings - Install from device storage with credential use: VPN and apps, which also made me set a PIN.

Afterwards I added this to the manifest:

android:networkSecurityConfig="@xml/network_security_config"

... and created the corresponding network_security_config.xml file in the "res/xml" folder (as suggested here):

<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>
    <base-config>
        <trust-anchors>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
</network-security-config>

The problem is that my app can't connect to the URL like this and only throws an exception:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Version 2:

If I copy the "selfsigned.crt" file into the "res/raw" folder and add this to the xml file:

<certificates src="@raw/selfsigned"/>

it succeeds. But this also means that I'd have to update the app if the certificate changes.

Question:

Did I miss anything in version 1? Or do you maybe have to create your own KeyStore/TrustManager (as described here), even when you're using the xml file?

Btw, currently I'm using javax.net.ssl.HttpsURLConnection instead of the "basic" URLConnection to open a connection.

Neph

0 Answers
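A scoped variant of the configuration from the question, as an added example that is not part of the original post: it limits the user store to debug builds, keeps system CAs for all other hosts, and trusts the bundled certificate from version 2 for a single host only. The host name internal.example.com is a placeholder assumption. Because it still bundles res/raw/selfsigned, an app update is still needed when the certificate changes.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example; internal.example.com is a placeholder host (assumption). -->
<network-security-config>
    <!-- Debug builds only (android:debuggable="true"): additionally trust
         CAs the user installed on the device. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>

    <!-- All other hosts: system CAs only. The question's base-config lists
         only src="user", which replaces the default anchors, so release
         builds would trust every user-installed CA and no system CA. -->
    <base-config>
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>

    <!-- The one host behind the self-signed certificate: trust exactly the
         bundled res/raw/selfsigned certificate (version 2), nothing else. -->
    <domain-config>
        <domain includeSubdomains="false">internal.example.com</domain>
        <trust-anchors>
            <certificates src="@raw/selfsigned"/>
        </trust-anchors>
    </domain-config>
</network-security-config>
```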