Validating self-signed SSL certificates

Android supports the use of SSL with standard Android API components, such as HTTPClient and URLConnection. However, if you attempt to connect to a secure HTTPS server URL, you may encounter an SSLHandshakeException. The common issues are:

The certificate authority (CA) who issued the server SSL certificate is not included in the ~130 CAs that are included as part of the Android system, and therefore, is treated as unknown
The server SSL certificate is self signed
The server isn't configured with intermediary SSL certificates

If the server isn't configured with intermediary certificates, it's simply a case of installing them to allow the connection code to validate the root of trust. However, if the server is ...

Get Android Security Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Android Security Cookbook by Keith Makan, Scott Alexander-Bown

Validating self-signed SSL certificates

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly