O'Reilly logo

Android Security Cookbook by Scott Alexander-Bown, Keith Makan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Validating self-signed SSL certificates

Android supports the use of SSL with standard Android API components, such as HTTPClient and URLConnection. However, if you attempt to connect to a secure HTTPS server URL, you may encounter an SSLHandshakeException. The common issues are:

  • The certificate authority (CA) who issued the server SSL certificate is not included in the ~130 CAs that are included as part of the Android system, and therefore, is treated as unknown
  • The server SSL certificate is self signed
  • The server isn't configured with intermediary SSL certificates

If the server isn't configured with intermediary certificates, it's simply a case of installing them to allow the connection code to validate the root of trust. However, if the server is ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required