I want to use my self-signed certificate in my Android app, instead of relying on Certificate Authorities.
I've found this link (thoughcrime.org) with the reasons to do so, and some examples, but couldn't adapt it to my loopj scenario (I get no answer from server, see below).
Then I've come to these other links (sproutsocial and Antoine's blog) that address the same problem, including loopj and volley snippets. Finally I used the code below:
private static SSLSocketFactory getSSLSocketFactory(){
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
try {
// Initialize the keystore with the provided trusted certificates
// Also provide the password of the keystore
trusted.load(in, "mysecret".toCharArray());
} finally {
in.close();
}
// Pass the keystore to the SSLSocketFactory. The factory is responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
and, everytime I'm about to make a connection call with AsyncHttpClient
, I set the client`s SSLSocketFactory like this:
private static AsyncHttpClient client = new AsyncHttpClient();
client.setSSLSocketFactory(getSSLSocketFactory());
When creating the keystore, all terminal outputs are just as described at Antoine's blog
Nonetheless my JsonHttpResponseHandler
doesn't receives anything, and its onSuccess
/onFailure
methods aren't called.
I'll appreciate a lot any help on this. Thanks!
EDIT - This question is about the same problem as mine, but got no answers