Android :: HTTPS With Self Signed SSL Certificate - Solution Or Better?
Apr 29, 2010
I need to do is download some basic text-based and image files from a web server that has a self-signed SSL certificate. I have been trying to figure out how to use HttpClient to do this, but getting the SSL to work is a nightmare that seems to be way too much trouble for such a simple task. Is there a better way to perform these file downloads? Perhaps through a WebView or Browser feature? Reinventing the wheel of making a simple HTTPS GET request is a major pain, and is significantly holding up my development schedule.
View 3 Replies
Jan 25, 2010
Anyone else experiencing this problem or know of a solution? I have a Digicert signed https certificate that is throwing an SSLException (Not trusted server certificate). This doesn't make any sense as Digicert is a recognized certificate authority. I can connect to my https url without a problem via IE, Firefox, and Safari so they appear to have no issue with the certificate. Here's the code I'm using. Very simple stuff......................
View 3 Replies
View Related
Sep 21, 2010
I have looked into various posts about how to retrieve something via HTTPS on Android, from a server that uses a self-signed certificate. However, none of them seem to work - they all fail to remove the "javax.net.ssl.SSLException: Not trusted server certificate" message. It is not an option to modify the server to have a trusted certificate, and it is also not an option to make the server certificate match the server's IP address. Note, that the server will not have a DNS name, it will only have an IP-address. The GET request looks something like this:
I am fully aware that this solution is prone to man-in-the-middle attacks etc. So, the solution must ignore the lack of trust in the certificate, and ignore the hostname mismatch. Does anybody know the code, that does this, using Java for Android? There are plenty of attempts to explain this on stackoverflow.com, and plenty of code snippets, but they don't seem to work, and nobody has provided one block of code that solves this, as far as I can see. It would be interesting to know if somebody really solved this, or if Android simply blocks certificates that are not trusted.
View 8 Replies
View Related
Feb 23, 2010
I want to connect to a server using ssl/https connection. During handshake between client and the server, I want to have server certificate authentication as well as client certificate authentication. The server certificate authentication is successful. But I don't know how to send client certificate to server for authentication, during the handshake.
View 4 Replies
View Related
Jun 22, 2009
I just got my new HTC Magic ?Maybe a very cool phone? I have a serious problem that I hope someone can help me with or maybe lead me in some direction. I want to sync with my companies Exchange server (exchange 2007) but every time I try I get this error message: ?Error: failed to create account. Please try again later? any ideas? I have been searching the web for a week now ? but no luck. Maybe the problem is related to a certificate problem since we are using a self-signed root certificate and I am not able to import it (like on a Iphone or MS WinMoblie) Maybe someone knows how to import a root-certificate?
View 2 Replies
View Related
Apr 27, 2010
In Android documentation concerning code signing we can read: "By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner." How exactly such code sharing can be done? Is it possible to release main application and multiple exchangeable plugins then discover them at runtime? What does source code looks like and what are advantages over "standard" intents calls from/to different APK packages?
View 2 Replies
View Related
Jan 6, 2010
I'm trying to make Https connections on the Android phones, using HttpClient. Trouble is that since the certificate isn't signed I keep getting "javax.net.ssl.SSLException: Not trusted server certificate". Now I've seen a bunch of solutions where you simply accept all certificates, but what if I want to ask the user? I want to get a dialog similar to that of the browser, letting the user decide to continue or not. Preferably I'd like to use the same certificatestore as the browser.
View 4 Replies
View Related
Jul 16, 2010
I have a self signed server certificate (cert.pem) and need to enable it for SSL sockets in an Android application. Ideally I'd like to package the code as .jar file and not need an external certificate file (i.e. include it into the code). With this code I can accept all certificates, which is not what I want: SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, new TrustManager [] { new MyTrustManager() }, new SecureRandom());
Do I need to add the certificate to a custom KeyManager or the custom TrustManager? One problem I've encountered is that Android does not accept JKS keystores (KeyStore.getDefaultType() returns "BKS"): "java.security.KeyStoreException: KeyStore JKS implementation not found"
View 1 Replies
View Related
Feb 23, 2010
I do not have the keystore that I used when I first created the app and I am wondering if I can create a new certificate using the same details that I used to create the earlier certificate. I have the details available with me.If I do so and update the app using this certificate, will the users get an update notification on their device?
View 9 Replies
View Related
Jun 15, 2009
I am doing a https post and I'm getting an exception of ssl exception Not trusted server certificate. If i do normal http it is working perfectly fine. Do I have to accept the server certificate somehow?
View 7 Replies
View Related
Apr 8, 2010
I'm new to implementing HTTPS connections in Android. Essentially, I'm trying to connect to a server using the org.apache.http.client.HttpClient. I believe, at some point, I'll need to access the application's keystore in order to authorize my client with a private key. But, for the moment, I'm just trying to connect and see what happens; I keep getting an HTTP/1.1 400 Bad Request error.
I can't seem to make heads or tails of this despite many examples (none of them seem to work for me). My code looks like this (the BODY constant is XmlRPC):
CODE:.......................
View 1 Replies
View Related
Feb 11, 2010
Has any one been able to connect to a soap server using ksoap2 android via https?
I keep getting the error that "Hostname <###>was not verified"
CODE:..........
Apparently looking back at other ksoap which isn't for android your ment to us a different call to connect via https, but i can't find a way to do it in the android version.
View 1 Replies
View Related
May 28, 2009
I had configure a Tomcat webserver with SSL and client autification. So I need a clienKey.p12 File to visit the site. If I import the key into Firefox, it works fine.
So I tried to develop a Client from "normal" Java. That works:
CODE:..........
Now I try to develope a Client into Android and I am getting crazy....
Here my two Android implementation:
CODE:...........
I always geht the following Exception:
CODE:................
But the key is the same that I use for the "normal" java Client and for the import into firefox. So the key is valid. But it is signed by me... I don't want to sign it by a commercial Company like verisign.
View 2 Replies
View Related
May 21, 2010
How do I sign an APK with more than one certificate, so that I can do this when I publish to the Android Market...
View 1 Replies
View Related
Jul 16, 2010
If I have an apk can I remove the current signing and some how resign it with a different .keystore file and still have the application install?
View 1 Replies
View Related
Nov 11, 2010
I am trying to get an image from a https url but it doesn't seem to display and get the image correctly but works fine on my computer browser. I have tested out a http url pointing to a different image and it works fine. My code is below:
public Bitmap getContactPhoto(String url) {
Bitmap pic = null; try { pic = BitmapFactory
.decodeStream((InputStream) new URL(
"https://mail.google.com/mail/photos/static/AD34hIjbK2m-Lj333E4nBcCkBC3MYl2tTs0xizuSqUOP3-Jd6DOrpFg1M5HG8jXh0MuPbeFepInZZDu92Dx8ST4b59EbOKmfYTortuuO3P1_Ohyu7b7a3gc")
.getContent()); } catch (MalformedURLException e) {
// TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) {
// TODO Auto-generated catch block e.printStackTrace(); } return pic; }
Here is the code from the activity class that calls the method above:
private ImageView mContactPhoto; private ContactDetailsViewHelper mViewHelper;
mContactPhoto = (ImageView) findViewById(R.id.contact_photo);
mViewHelper = new ContactDetailsViewHelper(mContext);
mContactPhoto.setImageBitmap(mViewHelper.getContactPhoto(mDetail.getImageRef()));
ignore the mDetail.getImageRef, that passes the real url value but for this case I tried hard coding the url as you can see from the getContactPhoto method.
View 1 Replies
View Related
Apr 12, 2010
How to collect URLs of all http/https requests made by the phone as well as well as the return status code and user agent from the headers. This information should be coming for all browser requests and other applications too.Please let me know this information can be retrieved on App level or we have to go to system level for this.
View 5 Replies
View Related
Jan 11, 2010
I want to use HTTPS in my application. The Java URL class does not seem to do the job.
Does anyone have any pointers?
View 3 Replies
View Related
Sep 7, 2010
I downloaded Android SDK when I run setup, it displays the following error message.
Failed to fetch URL https://dl-ssl.google.com/android/repository/repository.xml, reason: HTTPS SSL error. You might want to force download through HTTP in the settings.
View 1 Replies
View Related
Jan 18, 2010
I'm creating an app for the Android platform which will connect with just one site using HTTPS. It is essential that it won't be able to connect to any other sites, even with valid SSL certificates. I want it to be resistant to every form redirection (for example to site pretending to be the one I need to connect with) or other "attacks". Unfortunately I cannot find any good tutorial about SSL in Android.Do you know any? I'd be grateful for some links or advices. Or maybe could you give me some code snippets? My app is prepared to use HttpURLConnection or HttpClient - it makes no difference which path will I choose.
View 2 Replies
View Related
Mar 30, 2010
I'd like to be able to get the MD5 fingerprint of the certificate associated with my app (regardless of whether it's the debug cert or the release cert). You're probably aware that in order to get a Google Maps API key, you need to provide them with the certificate fingerprint of your app so that they can match the key with the fingerprint when you use it so as to ensure it's "really you". I've got a similar situation in which I'd like to make requests against a URL (my server) and would like to pass my app's fingerprint as part of the request. I've got no clue which classes I should be looking at.
View 10 Replies
View Related
Nov 17, 2010
Is there any way to create an X509 certificate on the android device?
View 5 Replies
View Related
Mar 28, 2009
So I have the following code.
StringBuilder sb = new StringBuilder(4096);
while (true) { int i = in.read(); if (i == 0) break;
else if (i == -1) throw new EOFException();
sb.append((char)i); }
What I see (with thousands of times run) is that this code takes about 1ms for every 7-10 bytes read. So reading just 10k takes almost a second!
View 4 Replies
View Related
Jun 2, 2010
I'm trying to load https requests with a Webkit object but It shows only a blank page, with http requests I don't have problems, It shows the page correctly. I have look the source code of the browser, in http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a... but I don't understand how the browser process the https requests. I think that the class BrowserActivity process the http and https requests but I don't see how to do it. Somebody could explain how the browser process the https request? It uses a Webview object to show the response of the https requests?
View 5 Replies
View Related
Jul 13, 2010
I am trying to stream video over https from Android browser. If the video URL is http, everything works fine. But when I switch the url to https, no video can be played. I tried 2 methods to stream over http/ https through Android browser.
1. Use html5 Video tag on browser (Android 2.0+ device) and call video.play( ) from javascript. - With Https url. Browser launches media player and the player displays alert dialog saying "Can't play video". I captured the client TCP traffic and found no SSL handshake between client and server. It looks like the player pops up the alert on any https link. - With Http url. Browser launches media player and the player can stream the video successfully.
2. Use direct link of html <a> tag on browser and click the link - With Https url. Browser downloads the video file without launching the player. The browser seems not try to load any https link in media player. - With Http url. Browser launches media player and the player can stream the video successfully.
So the above tests make me think Android media player cannot play media from any https url.
View 4 Replies
View Related
Jul 9, 2009
I have Android pet-project DroidIn which utilizes HttpClient 4 (built into Android) to do some form based authentication. I started noticing that people who are using WiFi are reporting connection problems. It also doesn't help that site I'm accessing has self-assigned certificate. Well - the question is (I'm quite vague on WiFi details) If WiFi at the hotspot doesn't support HTTPS would that be a good enough reason for connection to fail and is there anything that I can do beside proxying into another appserver using HTTP which then would call HTTPS site?
View 2 Replies
View Related
Aug 20, 2010
I am receiving this exception, when I try to access a secure site in my App. I am using DefaultHttpClient & BasicHttpParams classes for Http communication..........................
View 16 Replies
View Related
Sep 14, 2010
My application redirects its users to a known domain (secure.gate2shop.com) that its root certificate doesn't exist on Android devices. Normal PC browsers have no problem accessing the site, but Android browser displays to the user that the certificate is untrusted. I don't want that behavior, not even once, so I'm looking for a way to install this certificate on the device from my app.
View 2 Replies
View Related
Apr 15, 2009
I have an application that I want to be able to use the userid: android:sharedUserId="android.uid.system", I need to sign the .apk file with the same certificate as the built in system applications, such as the 'Settings' application. I've located the keystore file in my build directory which is: cacerts.bks, and I have the password for this. What I seem to be missing in order to sign my .apk file is the alias fo the keystore. Does anyone know what the alias is? Or is there an easier way to do this that I'm missing.I know this not a standard thing to do, and is perhaps a hack, but I have a client requirement to meet.
View 2 Replies
View Related
Nov 13, 2010
keytool -list -alias androiddebugkey -keystore ~/.android/debug.keystore. -storepass android -keypass android I'm not sure how I can sign my debugkey so that I can use Google Maps. I have verified in Eclipse that this is where my debugkey is stored.
View 1 Replies
View Related
