How to trust self signed certificate on Android?

android ssl ssl-certificate okhttp
34,835

It is important to Android that when you generate your self-signed certificate, you mark it as a Certificate Authority in order to empower it to certify certificates — even if only to sign itself and so certify that it is itself.

This is done in the basicConstraints extension, declaring CA:TRUE instead of the default CA:FALSE. When you import a certificate so marked, Android will consider it a user-installed root certificate, and you should be able to see it under Credential storageTrusted credentialsUSER.

However, a certificate having this bit is a mighty power, and such certificates have been used by nefarious tools to spy on supposedly encrypted user communication in the past. Accordingly, these days, Google Play Protect will want to have a word with the user when this kind of CA certificate is in force.

Share:
34,835
Orest
Author by

Orest

5+ years of experience mostly in backend applications

Updated on January 04, 2022

Comments

  • Orest
    Orest over 2 years

    I have generated self signed certificate for my server. Then added it to Android with Settings -> Security -> Install.

    When I'm trying to connect to my server from the application I'm getting error:

    java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

    As I understand after I've added certificate to list of trusted ones it should work fine. Am I missing something? The idea is to add certificate through Android system without modifying application code.

    Btw I'm using OkHttpClient for network connection. Maybe I should enable something for https connection?

  • eckes
    eckes about 4 years
    Do you know whether this has changed with Android 9? I know that I had this working in the past (after setting CA:TRUE) but with Android 9, I can't get it running anymore...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Using a SSL certificate on an Android device (HTML 5 Chrome application)
Comodo SSL: ERR_CERT_AUTHORITY_INVALID on Chrome mobile and Opera mobile (Android)
Android ignore self signed certificate
What is Peer Certificate?
Adding a custom certificate to an OkHttp Client
Exchange ActiveSync is not working with Android's 'verify certificate' setting, what do I need to do to make them work together?
javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:
Now that SSLSocketFactory is deprecated on Android, what would be the best way to handle Client Certificate Authentication?
OkHttp javax.net.ssl.SSLPeerUnverifiedException: Hostname domain.com not verified
Self-signed SSL acceptance on Android