I am calling a web service from my Android client via HTTPS. I have to validate the certificate received from the server side. How do I do that? At present this is the code that I use to call a web service.
How do I validate a self-signed certificate received from the server while performing a POST? I have to do testing via public/private keys. The client will have a CA file. I just need the client to verify the server certificate using the CA; the service is public. This has to do with public/private keys.
Any help is highly appreciated.
Ulf Dittmer wrote: That was a rhetorical question - since no CA knows about the certificate, what should validation entail?
Ulf Dittmer, when I call a web service, the server sends a self-signed certificate, and I have to validate it. My first requirement is:
How to get the server's certificate?
Then comes validating its public key.
Perry Hoekstra wrote: Bob Lee posted on his blog a solution to this:
Yes Perry, I already had a look at it. It needs Bouncy Castle and all. I already have my own "certificate.cer" file. With that, how do I work it out?
I pointed out one website and here is another: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates
There is also Signing in Debug Mode: http://developer.android.com/guide/publishing/app-signing.html
I have not used this approach.
The final option is to deal with the self-signed cert programmatically. This is usually done by implementing a version of the SSL Socket factory class where the verification is always set to true. There are numerous examples including:
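
An added example, not part of the thread and not any poster's code: the client can keep verification on and trust only the "certificate.cer" file the question mentions, using standard JSSE classes with no Bouncy Castle. The class name, the "server-ca" alias and the way the certificate stream is opened (for instance from the app's raw resources) are assumptions.

```java
// Added example (not from the thread). Class name and alias are hypothetical.
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedHttpsClient {

    /** Builds an SSLContext whose only trust anchor is the certificate read from certStream. */
    public static SSLContext contextTrusting(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate anchor = cf.generateCertificate(certStream);

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);               // start from an empty in-memory store
        trustStore.setCertificateEntry("server-ca", anchor);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** POSTs body to url; the handshake throws if the server chain is not anchored in ctx. */
    public static int post(URL url, byte[] body, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());  // default HostnameVerifier stays on
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body);
        }
        int status = conn.getResponseCode();
        // The certificate the server actually presented, readable once connected.
        X509Certificate leaf = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("Server cert subject: " + leaf.getSubjectX500Principal());
        conn.disconnect();
        return status;
    }
}
```

Because the default hostname verifier is left in place, the certificate's subject or subject alternative name must match the host in the URL; a mismatch or an unanchored chain fails the handshake instead of being accepted.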