Android :: HTTPS GET (SSL) With Android And Self Signed Server Certificate
Sep 21, 2010
I have looked into various posts about how to retrieve something via HTTPS on Android, from a server that uses a self-signed certificate. However, none of them seem to work - they all fail to remove the "javax.net.ssl.SSLException: Not trusted server certificate" message. It is not an option to modify the server to have a trusted certificate, and it is also not an option to make the server certificate match the server's IP address. Note, that the server will not have a DNS name, it will only have an IP-address. The GET request looks something like this:
I am fully aware that this solution is prone to man-in-the-middle attacks etc. So, the solution must ignore the lack of trust in the certificate, and ignore the hostname mismatch. Does anybody know the code, that does this, using Java for Android? There are plenty of attempts to explain this on stackoverflow.com, and plenty of code snippets, but they don't seem to work, and nobody has provided one block of code that solves this, as far as I can see. It would be interesting to know if somebody really solved this, or if Android simply blocks certificates that are not trusted.
View 8 Replies
Jan 25, 2010
Anyone else experiencing this problem or know of a solution? I have a Digicert signed https certificate that is throwing an SSLException (Not trusted server certificate). This doesn't make any sense as Digicert is a recognized certificate authority. I can connect to my https url without a problem via IE, Firefox, and Safari so they appear to have no issue with the certificate. Here's the code I'm using. Very simple stuff......................
View 3 Replies
View Related
Apr 29, 2010
I need to do is download some basic text-based and image files from a web server that has a self-signed SSL certificate. I have been trying to figure out how to use HttpClient to do this, but getting the SSL to work is a nightmare that seems to be way too much trouble for such a simple task. Is there a better way to perform these file downloads? Perhaps through a WebView or Browser feature? Reinventing the wheel of making a simple HTTPS GET request is a major pain, and is significantly holding up my development schedule.
View 3 Replies
View Related
Feb 23, 2010
I want to connect to a server using ssl/https connection. During handshake between client and the server, I want to have server certificate authentication as well as client certificate authentication. The server certificate authentication is successful. But I don't know how to send client certificate to server for authentication, during the handshake.
View 4 Replies
View Related
Jun 22, 2009
I just got my new HTC Magic ?Maybe a very cool phone? I have a serious problem that I hope someone can help me with or maybe lead me in some direction. I want to sync with my companies Exchange server (exchange 2007) but every time I try I get this error message: ?Error: failed to create account. Please try again later? any ideas? I have been searching the web for a week now ? but no luck. Maybe the problem is related to a certificate problem since we are using a self-signed root certificate and I am not able to import it (like on a Iphone or MS WinMoblie) Maybe someone knows how to import a root-certificate?
View 2 Replies
View Related
Apr 27, 2010
In Android documentation concerning code signing we can read: "By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner." How exactly such code sharing can be done? Is it possible to release main application and multiple exchangeable plugins then discover them at runtime? What does source code looks like and what are advantages over "standard" intents calls from/to different APK packages?
View 2 Replies
View Related
Jan 6, 2010
I'm trying to make Https connections on the Android phones, using HttpClient. Trouble is that since the certificate isn't signed I keep getting "javax.net.ssl.SSLException: Not trusted server certificate". Now I've seen a bunch of solutions where you simply accept all certificates, but what if I want to ask the user? I want to get a dialog similar to that of the browser, letting the user decide to continue or not. Preferably I'd like to use the same certificatestore as the browser.
View 4 Replies
View Related
Jul 16, 2010
I have a self signed server certificate (cert.pem) and need to enable it for SSL sockets in an Android application. Ideally I'd like to package the code as .jar file and not need an external certificate file (i.e. include it into the code). With this code I can accept all certificates, which is not what I want: SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, new TrustManager [] { new MyTrustManager() }, new SecureRandom());
Do I need to add the certificate to a custom KeyManager or the custom TrustManager? One problem I've encountered is that Android does not accept JKS keystores (KeyStore.getDefaultType() returns "BKS"): "java.security.KeyStoreException: KeyStore JKS implementation not found"
View 1 Replies
View Related
Aug 20, 2010
I am receiving this exception, when I try to access a secure site in my App. I am using DefaultHttpClient & BasicHttpParams classes for Http communication..........................
View 16 Replies
View Related
Feb 11, 2010
I'm using ksoap over https to request data from a server. It works fine, but only every other time! Looking at the traffic with wire shark it seems that on every other request something goes wrong with the ssl traffic/handshake (data doesn't even get sent except for an fc-fault coming back). Doing the same requests using curl the server always responds fine and afaik the iPhone version of the program also doesn't seem to have any problems with the server.
View 13 Replies
View Related
Sep 25, 2010
I access asp.net web service..! My web service name is "https://192.168.1.2/Sample/service.asmx" But it will show the following Exception "javax.net.ssl.SSLException: Not trusted server certificate" This is my code...............
View 7 Replies
View Related
Feb 9, 2010
I want to use HttpPost over https/ssl. I get 'Not trusted server certificate' error. I've found a lot of posts, seems that many people have similar problems and I've found two suggestions: 1) Change server's certificate. Current certificate is self-signed as localhost.localdomain. Unfortunetly it's not my server and I cannot change the certificate. 2) Use HttpsUrlConnection instead of HttpClient. But I cannot use it because sometimes (when response's code is 401 or 403) I got IOException during getting response code or reading inputstream.
So I've found 3rd solution - use httpclient, when system throws excetpion 'not trusted server certificate' than display warning, inform user that certificate is not trusted and ask if he wants to add this one to the keystore (webbrowser works this way). But I've no idea how to get certificate from the server and add to keystore.
View 4 Replies
View Related
Nov 17, 2009
I have been trying to use httpclient to post data on https (secure). I have searched all forums of android but I could not find any solution that works with httpclient on https. I have seen some solutions using HttpsURLConnection. and SSLContext. I would like to go with httpclient not URLConnection as I require to manage cookies and al. I am looking for your exert advice on above matter..............
View 3 Replies
View Related
Apr 19, 2009
Detail Descriptioin: 1. When I use the same code to access "http://www.google.com", it works. 2. When I use the same code to access "https://www.google.com", it doesn't work and will throw IllegalArgumentException..............
View 2 Replies
View Related
Oct 11, 2009
I'm having trouble making https connection to the server , with password authentication. What is the simplest & recommended way to do it ?
View 4 Replies
View Related
Oct 12, 2010
I just ran across the 'PAW Server' app and it's pretty neat so far. I don't want to use it with http though, so I enabled https and restarted the app. It doesn't work at all now. I enabled bluetooth so I could manually update the config file on the sdcard and restart the server in http mode. It instantly started working again. I've tried a couple of different ports but can't get the https mode to work at all. The docs say that it will be slower which is understandable, but since it's not working at all I have to assume that I'm doing something wrong and missing something obvious. Anyone else using the PAW Server app with https enabled?
View 3 Replies
View Related
Jun 16, 2010
I am getting "javax.net.ssl.SSLException: Not trusted server certificate" exception when I am trying to hit https URL (.Net Webservice) from my android app. Below is my code:
HttpParams myParams = new BasicHttpParams();
HttpProtocolParams.setVersion(myParams, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(myParams, "utf-8");
myParams.setBooleanParameter("http.protocol.expect-continue", false);.................
View 1 Replies
View Related
Aug 13, 2010
I have a problem of ssl exception when i upload data to a https server. It uploaded the data to the server correctly but when i get the response after uploading it throws an exception of ssl certificate is not trusted. I'm using the SAX parser for parsing xml file and i am using httppost method().
View 1 Replies
View Related
Feb 23, 2010
I do not have the keystore that I used when I first created the app and I am wondering if I can create a new certificate using the same details that I used to create the earlier certificate. I have the details available with me.If I do so and update the app using this certificate, will the users get an update notification on their device?
View 9 Replies
View Related
Jun 15, 2009
I am doing a https post and I'm getting an exception of ssl exception Not trusted server certificate. If i do normal http it is working perfectly fine. Do I have to accept the server certificate somehow?
View 7 Replies
View Related
Apr 8, 2010
I'm new to implementing HTTPS connections in Android. Essentially, I'm trying to connect to a server using the org.apache.http.client.HttpClient. I believe, at some point, I'll need to access the application's keystore in order to authorize my client with a private key. But, for the moment, I'm just trying to connect and see what happens; I keep getting an HTTP/1.1 400 Bad Request error.
I can't seem to make heads or tails of this despite many examples (none of them seem to work for me). My code looks like this (the BODY constant is XmlRPC):
CODE:.......................
View 1 Replies
View Related
Feb 11, 2010
Has any one been able to connect to a soap server using ksoap2 android via https?
I keep getting the error that "Hostname <###>was not verified"
CODE:..........
Apparently looking back at other ksoap which isn't for android your ment to us a different call to connect via https, but i can't find a way to do it in the android version.
View 1 Replies
View Related
May 28, 2009
I had configure a Tomcat webserver with SSL and client autification. So I need a clienKey.p12 File to visit the site. If I import the key into Firefox, it works fine.
So I tried to develop a Client from "normal" Java. That works:
CODE:..........
Now I try to develope a Client into Android and I am getting crazy....
Here my two Android implementation:
CODE:...........
I always geht the following Exception:
CODE:................
But the key is the same that I use for the "normal" java Client and for the import into firefox. So the key is valid. But it is signed by me... I don't want to sign it by a commercial Company like verisign.
View 2 Replies
View Related
May 21, 2010
How do I sign an APK with more than one certificate, so that I can do this when I publish to the Android Market...
View 1 Replies
View Related
Jul 16, 2010
If I have an apk can I remove the current signing and some how resign it with a different .keystore file and still have the application install?
View 1 Replies
View Related
Nov 11, 2010
I am trying to get an image from a https url but it doesn't seem to display and get the image correctly but works fine on my computer browser. I have tested out a http url pointing to a different image and it works fine. My code is below:
public Bitmap getContactPhoto(String url) {
Bitmap pic = null; try { pic = BitmapFactory
.decodeStream((InputStream) new URL(
"https://mail.google.com/mail/photos/static/AD34hIjbK2m-Lj333E4nBcCkBC3MYl2tTs0xizuSqUOP3-Jd6DOrpFg1M5HG8jXh0MuPbeFepInZZDu92Dx8ST4b59EbOKmfYTortuuO3P1_Ohyu7b7a3gc")
.getContent()); } catch (MalformedURLException e) {
// TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) {
// TODO Auto-generated catch block e.printStackTrace(); } return pic; }
Here is the code from the activity class that calls the method above:
private ImageView mContactPhoto; private ContactDetailsViewHelper mViewHelper;
mContactPhoto = (ImageView) findViewById(R.id.contact_photo);
mViewHelper = new ContactDetailsViewHelper(mContext);
mContactPhoto.setImageBitmap(mViewHelper.getContactPhoto(mDetail.getImageRef()));
ignore the mDetail.getImageRef, that passes the real url value but for this case I tried hard coding the url as you can see from the getContactPhoto method.
View 1 Replies
View Related
Apr 12, 2010
How to collect URLs of all http/https requests made by the phone as well as well as the return status code and user agent from the headers. This information should be coming for all browser requests and other applications too.Please let me know this information can be retrieved on App level or we have to go to system level for this.
View 5 Replies
View Related
Jan 11, 2010
I want to use HTTPS in my application. The Java URL class does not seem to do the job.
Does anyone have any pointers?
View 3 Replies
View Related
Sep 7, 2010
I downloaded Android SDK when I run setup, it displays the following error message.
Failed to fetch URL https://dl-ssl.google.com/android/repository/repository.xml, reason: HTTPS SSL error. You might want to force download through HTTP in the settings.
View 1 Replies
View Related
Jan 18, 2010
I'm creating an app for the Android platform which will connect with just one site using HTTPS. It is essential that it won't be able to connect to any other sites, even with valid SSL certificates. I want it to be resistant to every form redirection (for example to site pretending to be the one I need to connect with) or other "attacks". Unfortunately I cannot find any good tutorial about SSL in Android.Do you know any? I'd be grateful for some links or advices. Or maybe could you give me some code snippets? My app is prepared to use HttpURLConnection or HttpClient - it makes no difference which path will I choose.
View 2 Replies
View Related
