1

My android app is hitting an encrypted web service. I have self-signed the cert on the server for the time being.

This question: Trusting all certificates using HttpClient over HTTPS has pointers to http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html which shows how to add trusted certs to your android app and check them when creating a connection. The problem is this is an older post and contains deprecated calls and such.

I've tried googling what I can come up with, but only find older posts using the same deprecated calls. So my question is, how do you do this now?

Community
  • 1
  • 1
Thom
  • 14,013
  • 25
  • 105
  • 185

1 Answers1

1

On Android 7.0+, you can use the network security configuration feature to handle this, though getting it going for self-signed certificates is a bit convoluted. This should work for all Java-based HTTP client APIs.

For Android 4.2 through 6.0, I have a backport of the official network security configuration code for use with HttpUrlConnection and OkHttp3.

The reason for the deprecated calls has nothing to do with self-signed certificates and everything to do with the fact that the copy of Apache's HttpClient baked into Android is deprecated. You need to choose an HTTP client API, and from there figure out how to use self-signed certificates with that.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491