How do I update the SSL cert in my android apps?

Posted 2019-03-13 18:33

Recently I have been working on a project that has implemented SSL.

The SSL cert expires once per year, and it throws an exception in Android after I renew the cert on the server.

06-13 11:20:27.709: D/allenj(30076): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

After looking through the project code, I saw there is a bks file. So does it mean I have to update the bks file once per year, and that I have to re-upload the app to Google Play as well?

The problem is what is the standard way to cope with the renewal of the SSL cert? Thanks for helping.

Code extract

Runnable Register_runnable = new Runnable(){
        @Override
        public void run() {
            EditText emailText = (EditText) findViewById(R.id.editText1regist);

            EditText pwText = (EditText) findViewById(R.id.editText2registpw);

            String end = "\r\n";
            String twoHyphens = "--";
            String boundary = "*****";
            try {
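                // Load the bundled BKS trust store (the pinned certificate) from res/raw.
                KeyStore keyStore = KeyStore.getInstance("BKS");
                InputStream in = getResources().openRawResource(R.raw.ballooncardbks);
                keyStore.load(in, "".toCharArray());
                // Trust only the certificates contained in that store.
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
                tmf.init(keyStore);

                // Build a TLS context that uses only those trust managers.
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, tmf.getTrustManagers(), null);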

                String actionUrl = "https://app.ballooncard.com/api/client/register/format/json";
                URL url = new URL(actionUrl);
                HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
             //   con.setDoInput(true);
                con.setDoOutput(true);
                con.setUseCaches(false);
                con.setRequestMethod("POST");

                con.setSSLSocketFactory(context.getSocketFactory());

                con.setRequestProperty("Connection", "Keep-Alive");
                con.setRequestProperty("Charset", "UTF-8");
                con.setRequestProperty("Content-Type", "multipart/form-data;boundary=" + boundary);

1 answer
做自己的国王
#2 · 2019-03-13 18:49

Looks like the app is using "certificate pinning", which means that a certificate has been hardcoded into the app, and the app has been instructed to accept only that certificate and no other.

This increases security at the expense that you need to update your app when (ideally before) the certificate expires. You can follow the instructions from a post I created here:

https://stackoverflow.com/a/24007536/276949

to generate a new .bks file from your certificate. Once this is done, overwrite your old .bks file and your app should successfully connect via SSL.
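
A build-time check that catches the expiry described above before it breaks handshakes in released apps (an added example, not part of the original answer or the asker's project). It lists every certificate in a trust store that is expired or expires within a threshold; the class name `PinExpiryCheck`, the 60-day threshold and the command-line arguments are assumptions, and loading a BKS file on a desktop JVM assumes the Bouncy Castle provider is registered.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinExpiryCheck {
    /** Returns one finding per trusted certificate that is expired or expires within warnDays. */
    static List<String> expiringSoon(KeyStore ks, long warnDays, Instant now) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // a null KeyStore selects the platform default trust store
        List<String> findings = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                Instant notAfter = c.getNotAfter().toInstant();
                long daysLeft = Duration.between(now, notAfter).toDays();
                if (notAfter.isBefore(now) || daysLeft <= warnDays) {
                    String state = notAfter.isBefore(now) ? "EXPIRED" : "EXPIRING";
                    findings.add(state + " notAfter=" + notAfter + " daysLeft=" + daysLeft
                            + " subject=" + c.getSubjectX500Principal().getName());
                }
            }
        }
        return findings;
    }

    // Usage (assumed): java PinExpiryCheck BKS path/to/store.bks [password]
    // With no arguments it checks the JVM's default trust store, so it runs offline as-is.
    public static void main(String[] args) throws Exception {
        KeyStore ks = null;
        if (args.length >= 2) {
            ks = KeyStore.getInstance(args[0]);
            try (InputStream in = new FileInputStream(args[1])) {
                ks.load(in, (args.length > 2 ? args[2] : "").toCharArray());
            }
        }
        List<String> findings = expiringSoon(ks, 60, Instant.now());
        findings.forEach(System.out::println);
        if (!findings.isEmpty()) System.exit(1); // non-zero exit fails the build step
    }
}
```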
