I am calling web service from my android client via https. I got to validate the certificate receive from server side. How do I do that ? At present this is my code that I use to call a web service.
How do I validate a self-signed certificate received from server during performing Post ? I got to do testing via public/private keys. Client will have a CA file. Ijust need the client to verify the server certificate using the CA, the service is public .This has to do with public/private key.
Ulf Dittmer wrote:That was a rhetorical question - since no CA knows about the certificate, what should validation entail?
Ulf Dittmer, when I call a web service, the server sends a self-signed certificate, and I got to validate it. My first requirement is :
How to get the server's certificate?
Then coems to validate its public key.
The final option is to deal with the self-signed cert programmaticly. This is usually done by implementing a version of the SSL Socket factory class where the verification is always set to true. There are numerous examples including: