0

I can't get my self-signed cert to be accepted. I'm using the following method:

```java
HostnameVerifier hostnameVerifier = 
    org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

DefaultHttpClient dummy = new DefaultHttpClient();

SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);

SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", socketFactory, 8443));

SingleClientConnManager mgr = new SingleClientConnManager(
    dummy.getParams(), registry);
DefaultHttpClient client = new DefaultHttpClient(mgr, dummy.getParams());

// make connection with 'client' now.
```

My server is listening on 8443 with https, I can verify this with a browser. I'm taking the above from a few other posts on the same subject:

Not sure why it's not working for me, I just keep getting a "Not trusted server certificate" exception upon connection. Any ideas?

Accepting a certificate for HTTPs on Android

Thanks

user291701

2 Answers

1

By default Java trusts the certificates in the default truststore, which is cacerts.
Of course your self-signed certificate, which you have configured your server to send for server authentication, will be rejected as untrusted since it is not among the trusted certificates.
To get around this you must configure the sslcontext, used by JSSE, to use your own custom truststore, which will override Java's default and will contain your self-signed certificate.
This is done by loading the keystore in the trustmanager on initialization.
Haven't worked in Android, but if you see this post, apache httpsclient, you can find code to use as reference, both in the question and in Oleg's answer.
Hope this helps

Cratylus
-1

I've had this on numerous development servers. There is no way around this other than to not use SSL with a self signed certificate.

It just seems to be a Java security issue.

Matt Gaunt
  • Shouldn't this be possible though, those users did report they got it to work somehow for HttpClient? I think I had it working in another project for URLConnection, but that class has a very bad bug in it with https where it seems to not close the stream on every few connection attempts. – user291701 Mar 09 '11 at 23:27
  • I'd give the other answer a try (seems to have more experience than me). I just know my team members have tried to get around this and not found a solution. This includes trying to save the certificate onto the device but not quite the way mentioned above. – Matt Gaunt Mar 10 '11 at 00:26