Recently I work on the project that has implemented the SSL.

The SSL cert is expire once per year. And it throw exception in android after I renew the cert on the server.

06-13 11:20:27.709: D/allenj(30076): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

After I looking through the project code, I saw there is a bks file, so , does it mean I have to update the bks file once per year, and I have to re-upload the app to google play as well.

The problem is what is the standard way to cope with the renewal of the SSL cert? Thanks for helping.

Code extract

nnable Register_runnable = new Runnable(){
        @Override
        public void run() {
            EditText emailText = (EditText) findViewById(R.id.editText1regist);

            EditText pwText = (EditText) findViewById(R.id.editText2registpw);

            String end = "\r\n";
            String twoHyphens = "--";
            String boundary = "*****";
            try {
                KeyStore keyStore = KeyStore.getInstance("BKS");
                InputStream in =  
                getResources().openRawResource(R.raw.ballooncardbks);
                keyStore.load(in, "".toCharArray());
                TrustManagerFactory tmf = 
                TrustManagerFactory.getInstance("X509");
                tmf.init(keyStore);

                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, tmf.getTrustManagers(), null);

                String actionUrl = "https://app.ballooncard.com/api/client/register/format/json";
                URL url = new URL(actionUrl);
                HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
             //   con.setDoInput(true);
                con.setDoOutput(true);
                con.setUseCaches(false);
                con.setRequestMethod("POST");

                con.setSSLSocketFactory(context.getSocketFactory());

                con.setRequestProperty("Connection", "Keep-Alive");
                con.setRequestProperty("Charset", "UTF-8");
                con.setRequestProperty("Content-Type", "multipart/form-data;boundary=" + boundary);

Looks like the app is using "certificate pinning", which means that a certificate has been hardcoded into the app, and the app has been instructed to accept only that certificate and no other.

This increases security at the expense that you need to update your app when (ideally before) the certificate expires. You can following the instructions from a post I created here:

https://stackoverflow.com/a/24007536/276949

to generate a new .bks file from your certificate. Once this is done, overwrite your old .bks file and your app should successfully connect via SSL.