Ramindu Weeraman

Reputation: 354

Android Volley Self signed certificate

I'm trying to access an HTTPS URL from my Android application. I have a self-signed certificate for my server side (server_certificate.cer).

I want to know how to add a self-signed certificate to Volley network requests so that they trust my self-signed certificate. I tried with http://blog.applegrew.com/2015/04/using-pinned-self-signed-ssl-certificate-with-android-volley/

and I am getting javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Upvotes: 0

Views: 1909

Answers (1)

gregn3

Reputation: 1774

I followed that tutorial successfully.

You need to create a keystore file (for example "cert_keystore.pkcs12") to contain your server certificate and add it to your app.

I found it easiest to use the PKCS12 format for the keystore file. (Add the -deststoretype PKCS12 parameter when converting the keystore using keytool.)

My test server was on an IP address; I had to disable host name verification for it to work with my self-signed certificate. This other tutorial was useful.

I had to add HttpsURLConnection.setDefaultHostnameVerifier() with a custom HostnameVerifier and HttpsURLConnection.setDefaultSSLSocketFactory() to newSslSocketFactory().

(newSslSocketFactory() is used in Volley.newRequestQueue(mCtx.getApplicationContext(), new HurlStack(null, newSslSocketFactory())))

The new newSslSocketFactory() function is now:

import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

private SSLSocketFactory newSslSocketFactory()
{
    try
    {
        KeyStore trusted = KeyStore.getInstance("PKCS12");

        // Open the keystore asset, which contains your trusted
        // certificates (root and any intermediate certs)
        InputStream in = mCtx.getApplicationContext().getAssets().open("cert_keystore.pkcs12");
        try {
            // Initialize the keystore with the provided trusted certificates
            // Provide the password of the keystore
            trusted.load(in, "password".toCharArray());
        } finally {
            in.close();
        }

        // Trust manager that accepts only certificates chaining to the keystore entries
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(trusted);

        // Replaces the standard hostname check with a fixed comparison
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return hostname.equals("192.168.1.10"); // The hostname of your server
            }
        };

        // Process-wide default: applies to every HttpsURLConnection in the app
        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory sf = context.getSocketFactory();
        // Process-wide default as well, in addition to being passed to HurlStack
        HttpsURLConnection.setDefaultSSLSocketFactory(sf);

        return sf;
    }
    catch (Exception e)
    {
        throw new AssertionError(e);
    }
}

Upvotes: 1
