
I'm using the following method to implement SSL certification in both a Java and an Android app, but in many posts I saw it's not secure and only suitable for testing purposes. So can someone give me an example of implementing SSL certification for a production environment?

TrustStrategy easyStrategy = new TrustStrategy() {
    @Override
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // eh, why not?
        return true;
    }
};

SchemeRegistry schemeRegistry = new SchemeRegistry();
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, null, null);
SSLSocketFactory ssf = new SSLSocketFactory(easyStrategy);
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

UPDATE: I found out the server I'm trying to access is issuing a self-signed certificate when I connect to it through a web browser. Here is the openssl output I got:

verify error:num=18:self signed certificate

It also gives a lengthy code that it says is the server certificate. Can I use it to create my own certificate and use it inside my applications?

  • stackoverflow.com/questions/2012497/… I hope to help you. Commented Sep 3, 2013 at 4:47
  • I want a solution not only for Android but for both desktop applications and Android. This seems like it; I'll look through it and let you know. Thank you :) Commented Sep 3, 2013 at 4:56
  • This is not 'implementing SSL certification'. This is just accepting any old certificate whatsoever. It is radically insecure. Please define your actual problem. Whatever it is, this is not an acceptable solution beyond testing purposes, and in my opinion not even then. Commented Sep 3, 2013 at 5:22
  • @EJP Yes, I found it's an insecure way. I want to make HTTP REST requests to a web server. It's issuing its own certification, as I understand, so I don't know a way to use it in my application. So I used the above method for testing. Now I need to know a secure method to do SSL certification inside my application. Commented Sep 3, 2013 at 6:38
  • Import the certificate into your truststore. Commented Sep 3, 2013 at 10:03

1 Answer

If I understand your question correctly, you want an SSL certification for a production environment.

For this purpose, you cannot use the self-signed certification, which is the one you generate yourself. What you need is to buy a certification that is provided by some secure organizations.

If you just want to try it out, you can apply for a free trial SSL certification at Comodo. This works the same as the one you can buy, but it is only valid for 3 months.

I don't know which server you are running, but after you get the certification, you just need to upload it to your server. I think this part you can easily find online.
