Android :: How To Enable Self Signed Certificate For SSL Sockets On Android?
Jul 16, 2010
I have a self signed server certificate (cert.pem) and need to enable it for SSL sockets in an Android application. Ideally I'd like to package the code as .jar file and not need an external certificate file (i.e. include it into the code). With this code I can accept all certificates, which is not what I want: SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, new TrustManager [] { new MyTrustManager() }, new SecureRandom());
Do I need to add the certificate to a custom KeyManager or the custom TrustManager? One problem I've encountered is that Android does not accept JKS keystores (KeyStore.getDefaultType() returns "BKS"): "java.security.KeyStoreException: KeyStore JKS implementation not found"
View 1 Replies
Jan 25, 2010
Anyone else experiencing this problem or know of a solution? I have a Digicert signed https certificate that is throwing an SSLException (Not trusted server certificate). This doesn't make any sense as Digicert is a recognized certificate authority. I can connect to my https url without a problem via IE, Firefox, and Safari so they appear to have no issue with the certificate. Here's the code I'm using. Very simple stuff......................
View 3 Replies
View Related
Apr 29, 2010
I need to do is download some basic text-based and image files from a web server that has a self-signed SSL certificate. I have been trying to figure out how to use HttpClient to do this, but getting the SSL to work is a nightmare that seems to be way too much trouble for such a simple task. Is there a better way to perform these file downloads? Perhaps through a WebView or Browser feature? Reinventing the wheel of making a simple HTTPS GET request is a major pain, and is significantly holding up my development schedule.
View 3 Replies
View Related
Jun 22, 2009
I just got my new HTC Magic ?Maybe a very cool phone? I have a serious problem that I hope someone can help me with or maybe lead me in some direction. I want to sync with my companies Exchange server (exchange 2007) but every time I try I get this error message: ?Error: failed to create account. Please try again later? any ideas? I have been searching the web for a week now ? but no luck. Maybe the problem is related to a certificate problem since we are using a self-signed root certificate and I am not able to import it (like on a Iphone or MS WinMoblie) Maybe someone knows how to import a root-certificate?
View 2 Replies
View Related
Apr 27, 2010
In Android documentation concerning code signing we can read: "By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner." How exactly such code sharing can be done? Is it possible to release main application and multiple exchangeable plugins then discover them at runtime? What does source code looks like and what are advantages over "standard" intents calls from/to different APK packages?
View 2 Replies
View Related
Sep 21, 2010
I have looked into various posts about how to retrieve something via HTTPS on Android, from a server that uses a self-signed certificate. However, none of them seem to work - they all fail to remove the "javax.net.ssl.SSLException: Not trusted server certificate" message. It is not an option to modify the server to have a trusted certificate, and it is also not an option to make the server certificate match the server's IP address. Note, that the server will not have a DNS name, it will only have an IP-address. The GET request looks something like this:
I am fully aware that this solution is prone to man-in-the-middle attacks etc. So, the solution must ignore the lack of trust in the certificate, and ignore the hostname mismatch. Does anybody know the code, that does this, using Java for Android? There are plenty of attempts to explain this on stackoverflow.com, and plenty of code snippets, but they don't seem to work, and nobody has provided one block of code that solves this, as far as I can see. It would be interesting to know if somebody really solved this, or if Android simply blocks certificates that are not trusted.
View 8 Replies
View Related
May 1, 2010
For my app, I need to record audio from MIC on an Android phone, and send it over TCP to the other android phone, where it needs to be played. I am using AudioRecord and AudioTrack class. This works great with a file - write audio to the file using DataOutputStream, and read from it using DataInputStream. However, if I obtain the same stream from a socket instead of a File, and try writing to it, I get an exception. I am at a loss to understand what could possibly be going wrong.
This is the code:.................
View 2 Replies
View Related
Jul 9, 2010
I've been trying to connect two Android devices (2.1) via TCP sockets.
The vital part of the code:
Server:
ServerSocket serverSocket = new ServerSocket(SERVERPORT);
Client:
Socket socket = new Socket(serverAddr, SERVERPORT);
The weird thing is I can make it work if the client is an emulator, but the same code fails if running both of them on real devices.
The failure in the client side is:
CODE:................
I tried with WIFI and mobile net too, they were in the same subnet both times, INTERNET permission is given, the server is addressed through its real 192.168.. IP. I am planning to change the socket implementation with setCustomSocketImplFactory(). The problem is crucial in the process of implementing MSRP protocol to Android.
View 1 Replies
View Related
Sep 24, 2013
I am trying to implement basic Datagram Sockets in Android. I am starting with one of the samples available on the web:
Code:
String messageStr="Hello Android!";
int server_port = 54372;
try {
[code].....
The program dies when it hits the s.send(p) command.
View 2 Replies
View Related
Sep 20, 2010
In iPhone there is Cocoa Asynchronous socket library. Is there a similar library in Java for Android? Can it be done using Java Asynchronous sockets(NIO library) or is there a way I can make use of NDK for Android and use native libraries for asynchronous sockets?
View 1 Replies
View Related
Jun 6, 2009
An application I'm working on stopped being usable after upgrading to 1.5, and the reason seems to be that, after joining a WiFi network and creating a TCP/IP or UDP/IP socket, there is no way to communicate using it from a remote entity. I can not even ping the phone using the normal ping command, which was possible using 1.0. This affects my program since it's using mDNS/DNS-SD and peer-to-peer TCP sockets for communication. Is there anyone else who can confirm this?I have tried running the program built with SDK 1.0 and SDK 1.5 while running on a real phone running Android 1.5 and the problem is still the same.
View 2 Replies
View Related
May 30, 2010
I have an Android activity which in turn starts a thread. In the thread I open a persistent TCP socket connection. When the socket connects to the server dynamic data is downloaded. The thread sends messages using Handler-class to the activity when data has been received. Now if the user happens to switch from portrait to landscape mode the activity gets an onDestroy call. At this moment I close the socket and stop the thread. When Android has switched landscape mode it calls onCreate yet again and I have to do a socket re-connect. Also, all of the data the activity received needs to be downloaded once more because the server does not have the ability to know what has been sent before, i.e. there is no "resume" feature.
Thus the problem is that there is alot of data which is resent all the time when landscape mode is changed. What are my options here? Should I create a service which handles the socket traffic towards the server thus I always got all the data which the server has sent in the service. Or should I disable landscape mode all together perhaps? Or would my best bet be to rewrite my server which is a VERY BIG job
View 1 Replies
View Related
Nov 19, 2009
I would like to simulate a small cluster of Android devices either on one laptop (worst-case), or on several machines on a private network. This is for testing communications and process migration on Android.
Is there a safe way to identify and launch a particular emulator from a given application under Eclipse? I have a recent Eclipse/Java/ADT setup and I'm using the a variety of tutorials from Mark Murphy, Meier, and Abelson.
View 1 Replies
View Related
May 22, 2012
Is it possible to write a in-app openvpn connection (via streams and sockets)? If it is, then is there any android application which managed that already? I have also problems finding in-depth openvpn protocol description.
View 4 Replies
View Related
Feb 23, 2010
I do not have the keystore that I used when I first created the app and I am wondering if I can create a new certificate using the same details that I used to create the earlier certificate. I have the details available with me.If I do so and update the app using this certificate, will the users get an update notification on their device?
View 9 Replies
View Related
May 28, 2009
I had configure a Tomcat webserver with SSL and client autification. So I need a clienKey.p12 File to visit the site. If I import the key into Firefox, it works fine.
So I tried to develop a Client from "normal" Java. That works:
CODE:..........
Now I try to develope a Client into Android and I am getting crazy....
Here my two Android implementation:
CODE:...........
I always geht the following Exception:
CODE:................
But the key is the same that I use for the "normal" java Client and for the import into firefox. So the key is valid. But it is signed by me... I don't want to sign it by a commercial Company like verisign.
View 2 Replies
View Related
May 21, 2010
How do I sign an APK with more than one certificate, so that I can do this when I publish to the Android Market...
View 1 Replies
View Related
Jul 16, 2010
If I have an apk can I remove the current signing and some how resign it with a different .keystore file and still have the application install?
View 1 Replies
View Related
Mar 30, 2010
I'd like to be able to get the MD5 fingerprint of the certificate associated with my app (regardless of whether it's the debug cert or the release cert). You're probably aware that in order to get a Google Maps API key, you need to provide them with the certificate fingerprint of your app so that they can match the key with the fingerprint when you use it so as to ensure it's "really you". I've got a similar situation in which I'd like to make requests against a URL (my server) and would like to pass my app's fingerprint as part of the request. I've got no clue which classes I should be looking at.
View 10 Replies
View Related
Nov 17, 2010
Is there any way to create an X509 certificate on the android device?
View 5 Replies
View Related
Aug 20, 2010
I am receiving this exception, when I try to access a secure site in my App. I am using DefaultHttpClient & BasicHttpParams classes for Http communication..........................
View 16 Replies
View Related
Sep 14, 2010
My application redirects its users to a known domain (secure.gate2shop.com) that its root certificate doesn't exist on Android devices. Normal PC browsers have no problem accessing the site, but Android browser displays to the user that the certificate is untrusted. I don't want that behavior, not even once, so I'm looking for a way to install this certificate on the device from my app.
View 2 Replies
View Related
Apr 15, 2009
I have an application that I want to be able to use the userid: android:sharedUserId="android.uid.system", I need to sign the .apk file with the same certificate as the built in system applications, such as the 'Settings' application. I've located the keystore file in my build directory which is: cacerts.bks, and I have the password for this. What I seem to be missing in order to sign my .apk file is the alias fo the keystore. Does anyone know what the alias is? Or is there an easier way to do this that I'm missing.I know this not a standard thing to do, and is perhaps a hack, but I have a client requirement to meet.
View 2 Replies
View Related
Nov 13, 2010
keytool -list -alias androiddebugkey -keystore ~/.android/debug.keystore. -storepass android -keypass android I'm not sure how I can sign my debugkey so that I can use Google Maps. I have verified in Eclipse that this is where my debugkey is stored.
View 1 Replies
View Related
Dec 8, 2009
I just published my first application to the market and the "Just in" display show my icon and app name, but under the app name is shows my birth certificate name! How can I change this? Is it something I am missing in my manifest? I'm sure my mom would it; but me -- not so much.
View 11 Replies
View Related
Sep 19, 2009
My debug.keystore certificate has expired. Does anyone know how to force Android to regenerate either certificate or the whole directory under
View 2 Replies
View Related
Feb 23, 2010
I want to connect to a server using ssl/https connection. During handshake between client and the server, I want to have server certificate authentication as well as client certificate authentication. The server certificate authentication is successful. But I don't know how to send client certificate to server for authentication, during the handshake.
View 4 Replies
View Related
Sep 25, 2010
I access asp.net web service..! My web service name is "https://192.168.1.2/Sample/service.asmx" But it will show the following Exception "javax.net.ssl.SSLException: Not trusted server certificate" This is my code...............
View 7 Replies
View Related
Feb 9, 2010
I want to use HttpPost over https/ssl. I get 'Not trusted server certificate' error. I've found a lot of posts, seems that many people have similar problems and I've found two suggestions: 1) Change server's certificate. Current certificate is self-signed as localhost.localdomain. Unfortunetly it's not my server and I cannot change the certificate. 2) Use HttpsUrlConnection instead of HttpClient. But I cannot use it because sometimes (when response's code is 401 or 403) I got IOException during getting response code or reading inputstream.
So I've found 3rd solution - use httpclient, when system throws excetpion 'not trusted server certificate' than display warning, inform user that certificate is not trusted and ask if he wants to add this one to the keystore (webbrowser works this way). But I've no idea how to get certificate from the server and add to keystore.
View 4 Replies
View Related
Oct 7, 2010
I've posted this on Android Security as well, but that group does not appear to have as much activity. Actually I guess my question belongs in this group anyway, even though it touches on some of the security aspects of android packages. My goal is to access the certificate that was used to sign the apk package; and ordinarily, I would do that from inside the program like this
Certificates[] signingCertificates = getClass().getProtectionDomain().getCodeSource().getCertificates();
Unfortunately it appears that getProtectionDomain() returns null on android - according to the specs
http://developer.android.com/reference/java/lang/Class.html#getProtec...
This method might return null (to converse space?) but only for system classes. Since I'm calling this from one of my own classes, I would expect to get a non-null value, but unfortunately not. I have tried from the emulator, and from an application deployed on my phone using adb through a USB cable. I'm using the latest SDK (2.2) and targeting android 1.6. So I guess I have two questions, the first being: why does getProtectionDomain return null, and have anyone had any success using this method from inside an android application. And the second: Is there some other way to access the certificate that a given apk package was signed with (I can live with the restriction that only a given package can know its own certificate).
View 2 Replies
View Related
