Validating self-signed SSL certificates
Android supports the use of SSL with standard Android API components, such as HTTPClient
and URLConnection
. However, if you attempt to connect to a secure HTTPS server URL, you may encounter an SSLHandshakeException
. The common issues are:
- The certificate authority (CA) who issued the server SSL certificate is not included in the ~130 CAs that are included as part of the Android system, and therefore, is treated as unknown
- The server SSL certificate is self signed
- The server isn't configured with intermediary SSL certificates
If the server isn't configured with intermediary certificates, it's simply a case of installing them to allow the connection code to validate the root of trust. However, if the server is ...
Get Android Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.