Prompting user to accept self-signed SSL using DefaultHttpClient in Android

I'm developing an Android 4.0 app that connects to Microsoft Exchange.

At present, I'm having difficulty dealing with self-signed certificates, as they just get rejected. I've tried a lot of the solutions on SO, building new SocketFactories and TrustManagers, but none of them offer a real solution.

Ideally, I'd like to prompt the user to inform them the SSL cert cannot be verified and if they accept that, I'd like to download the certificate being presented, store it and use it for the next connection. Or something similar to this process (like Firefox's SSL exceptions list).

Unfortunately, the only examples I have found rely on the certificate being installed into a TrustStore on the device using command line tools. This doesn't help when a customer downloads it. I just want a simple accept/reject dialog.

I could blindly trust all SSL certificates, but I'd rather do something slightly more secure.

Would anyone be able to point me in the right direction? Is what I'd like to do even possible? If the accept/reject can't be done, then a blind acceptance of self-signed certs is the best I can manage.

Thanks, Tom

From Android ICS onward, there is the KeyChain class, where you can store additional trusted certificates.

Your software could do something like this:

  1. Create a dedicated X509TrustManager in order to handle unknown server certificates (see the X509TrustManager.checkServerTrusted method)
  2. When the server certificate is unknown, create an Intent to prompt the user to install the certificate with KeyChain.createInstallIntent()

The certificate should be available for future connections.
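The two steps above, sketched as an added example that is not code from the original answer: a trust manager that defers to the platform trust store, remembers the certificate it rejected, and builds the KeyChain install intent for it. The class and method names are hypothetical, taking the leaf certificate (`chain[0]`) as the one to install assumes a self-signed server certificate, and wiring the trust manager into DefaultHttpClient's socket factory is not shown.

```java
import android.content.Intent;
import android.security.KeyChain;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public final class PromptingTrustManager implements X509TrustManager { // hypothetical name
    private final X509TrustManager system;           // platform validation
    private volatile X509Certificate lastRejected;   // leaf of the last rejected chain
    public PromptingTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                   // null selects the default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) found = (X509TrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509TrustManager");
        system = found;
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try { system.checkServerTrusted(chain, authType); }
        catch (CertificateException e) {
            if (chain != null && chain.length > 0) lastRejected = chain[0]; // assumption: self-signed leaf
            throw e;                                 // never accept silently; this attempt fails
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { system.checkClientTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
    private X509Certificate rejected() {
        if (lastRejected == null) throw new IllegalStateException("no certificate rejected");
        return lastRejected;
    }
    public String rejectedFingerprint() throws Exception { // SHA-256, to compare out of band
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(rejected().getEncoded()))
            sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }
    public Intent installIntent() throws Exception { // opens the system certificate installer
        return KeyChain.createInstallIntent()
                .putExtra(KeyChain.EXTRA_CERTIFICATE, rejected().getEncoded()) // DER-encoded X.509
                .putExtra(KeyChain.EXTRA_NAME, rejected().getSubjectDN().getName());
    }
}
```

Start the intent from an Activity only after the user has checked the fingerprint against one obtained from the server's administrator, then retry the connection. Apps that target API level 24 or later do not trust user-installed CA certificates by default unless their network security configuration opts in.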
