2

I need to establish a connection with a mail server (a custom mail server). Whenever I try to connect, it throws javax.net.SSLException: Not trusted server certificate.

I don't know how to create the certificate for this. I also don't know how to pass that certificate to make the secure connection with the mail server.

My Code is:

Properties props;// = new Properties();
Session session;

props = new Properties();

props.put("mail.imap.socketFactory.port", "993");
props.put("mail.imap.socketFactory.class",
        "javax.net.ssl.SSLSocketFactory");
session = Session.getDefaultInstance(props, null);
Store store = session.getStore("imaps");
store.connect(hostName, portNumber, emailId, password);
// the above statement throws the Exception
Folder folder = store.getFolder("INBOX");

I'd like to know how to create a self-signed certificate for an Android application.

Bill the Lizard
Balaji.K

2 Answers

1

The problem with unknown certificates is a known problem in Java. You can't just connect to an HTTPS server without having a correct certificate in your local keystore.

That being said, in one of my applications I have an override clause for Apache HTTP Client (the same thing used in Android); you can maybe start from there and build on it to get it running on Android:

ClientConnectionManager cm = new SingleClientConnManager(params,     
    HttpsSecurityOverride.createAllowAllSchemeRegistry());
httpClient = new DefaultHttpClient(cm, params);

and the HttpsSecurityOverride class is as follows:

package net.milanaleksic.cuc.tools.async.http;

import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.*;

import org.apache.http.conn.scheme.*;
import org.apache.http.conn.ssl.X509HostnameVerifier;

public class HttpsSecurityOverride {

    private static SchemeRegistry allowAllSchemeRegistry = null;

    private static class AllowAllTrustManager implements X509TrustManager {

        @Override public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] {};
        }

        @Override public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        @Override public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    }

    private static class AllowAllHostnameVerifier implements X509HostnameVerifier {

        @Override public void verify(String arg0, SSLSocket arg1) throws IOException {
        }

        @Override public void verify(String arg0, X509Certificate arg1) throws SSLException {
        }

        @Override public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {
        }

        @Override public boolean verify(String arg0, SSLSession arg1) {
            return true;
        }

    }

    public static SchemeRegistry createAllowAllSchemeRegistry() throws Exception {
        synchronized (HttpsSecurityOverride.class) {
            if (allowAllSchemeRegistry != null)
                return allowAllSchemeRegistry;

            SSLContext sslContext = SSLContext.getInstance("SSL");

            // set up a TrustManager that trusts everything
            sslContext.init(null, new TrustManager[] { new AllowAllTrustManager() }, new SecureRandom());

            org.apache.http.conn.ssl.SSLSocketFactory sf = new org.apache.http.conn.ssl.SSLSocketFactory(sslContext);
            sf.setHostnameVerifier(new AllowAllHostnameVerifier());
            Scheme httpsScheme = new Scheme("https", sf, 443);
            allowAllSchemeRegistry = new SchemeRegistry();
            allowAllSchemeRegistry.register(httpsScheme);

            return allowAllSchemeRegistry;
        }
    }

}

Good luck!

Milan Aleksić
1

Creating a self-signed certificate won't solve your problem; it is the fact that the server you're connecting to is using a self-signed certificate that's causing the error that you're seeing.

You either need to purchase a trusted certificate and install it on the mail server (which may be outside of your control) or you need to change the behaviour of JavaMail to accept certificates which are not signed by a recognised authority.

Have a look at my answer to android javamail api imap over ssl which may help you to implement the second option.

Community
Mark Allison
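
The second option described above, narrowed so that JavaMail trusts only the mail server's own certificate rather than every certificate; this is an added example, not code from either answer. It assumes a JavaMail version that honours the `mail.imaps.ssl.socketFactory` property and a certificate file exported from the server; the class name `PinnedMailTrust`, the alias `mailserver` and the file path are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PinnedMailTrust {

    // Builds a socket factory that trusts only the certificate in certFile
    // (PEM or DER), instead of the platform CA store or "trust everything".
    static SSLSocketFactory factoryTrustingOnly(String certFile) throws Exception {
        Certificate serverCert;
        try (InputStream in = new FileInputStream(certFile)) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                        // start with an empty store
        trustStore.setCertificateEntry("mailserver", serverCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);       // no client cert, default RNG
        return ctx.getSocketFactory();
    }

    // JavaMail properties for the "imaps" store used in the question.
    static Properties imapsProperties(SSLSocketFactory factory) {
        Properties props = new Properties();
        props.put("mail.imaps.ssl.socketFactory", factory); // an object, not a class name
        props.put("mail.imaps.ssl.checkserveridentity", "true");
        props.put("mail.imaps.port", "993");
        return props;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server certificate file (hypothetical, supplied by the caller)
        Properties props = imapsProperties(factoryTrustingOnly(args[0]));
        System.out.println("Pass to Session.getInstance(props): " + props.keySet());
    }
}
```

With these properties, a server presenting any other certificate still fails the handshake, and the identity check requires the host name passed to `store.connect` to match the name in the certificate.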