DefaultHttpClient, Certificates, Https and posting problem!

Question

My application needs to be able to post to https and preserve the session that is created with cookies. So far, i have several different ways of trying the problem and none are

Answer 1

This issue is due to the fact that the client application is not able to validate build a certificate path from a trust anchor (a root trusted certification authority) and the SSL server certificate. Therefore this certificate is not trusted and the SSL handshake fails.

The apache HTTPClient API provides a nice feature which could help you. The SSLSocketFactory constructor can take a KeyStore parameter, contains the trusted certificates.

Then you can:

1. create a KeyStore with keytool containing either the root CA certificate or the server certificate directly.
2. add this keystore to your application
3. builds the SSLSocketFactory with this KeyStore

For all technical details and code snippets you can read this blog post from Bob Lee: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html