SSL security for Android App client and server communications

Question

I have website hosting on Linux with Apache server.

My website uses HTTPS (secured with SSL) for Desktop application (PC browser).

I have got SSL security for my website. I am using SSL with Https in browser.

How can I apply SSL security in Android App (for all the requests which comes from Android app and from server)?.

Now I am using HTTP and JSON protocols for communication between client and server using HTTPClinet package in android.

Answer 1

You don't need to worry about that. When building a URL, simply use " https://yoursite.com " instead of " http://yoursite.com ".

The Android libraries will take care of the burden of making a SSL connection when you use " https " in your URLs.

If you have configured your site correctly, you really don't need to worry!

Answer 2

hi i have one more way to provide ssl certificate to our apis,

public static void allowAllSSL() {

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

javax.net.ssl.SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[] { new _FakeX509TrustManager() };
}
try {
context = javax.net.ssl.SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {

} catch (KeyManagementException e) {

}
HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
}

Call this before making https calls. Example :

 if (url.contains("https")) {
    allowAllSSL();
  HttpsURLConnection conn = null;
  URL url2 = new URL(url);
 conn = (HttpsURLConnection) url2.openConnection();
  conn.setReadTimeout(60000); // //milliseconds
 conn.setConnectTimeout(60000);
conn.setRequestMethod("GET");
conn.setDoInput(true);
conn.connect();
is = conn.getInputStream();
if (is != null) {
 result = convertStreamToString(is);
 System.out.println(url+"-----------------" + result);
 conn.disconnect();
}
} else {
HttpParams httpParameters = new BasicHttpParams();
int timeoutConnection = 30000;
HttpConnectionParams.setConnectionTimeout(httpParameters,
  timeoutConnection);
int timeoutSocket = 50000;
HttpConnectionParams
  .setSoTimeout(httpParameters, timeoutSocket);
DefaultHttpClient httpclient = new DefaultHttpClient(
  httpParameters);
HttpGet httpget = new HttpGet(urlnew);
httpget.setHeader("Accept", "application/json");
httpget.setHeader("Content-type", "application/json");
// httpget.setHeader("Authorization",
// "ApiKey "+TOKEN_PREF.getString("DEVICE_USER_NAME","NOTHING")+":"+TOKEN_PREF.getString("API_KEY","NOTHING"));
// httpget.setHeader("Authorization",
// "ApiKey testing_application:13ec21837c64890527713e8f4cd86e1a8dac646a");
HttpResponse response = (HttpResponse) httpclient
  .execute(httpget);
HttpEntity entity = response.getEntity();
if (entity != null) {
 InputStream instream = entity.getContent();
 result = convertStreamToString(instream);
 System.out.println(url+"-----------------" + result);
 instream.close();
}
}

Thank you

Hope this will help you. :)