Answer the question
In order to leave comments, you need to log in
Android - working with ssl certificates?
Good afternoon.
There was a need to make requests from your application over a secure channel. Never worked with SSL before. How to do it? As I understand it, www.startssl.com
is enough to obtain a certificate
. I read about the types of SSL certificates.
But the certificate is given for a year. Based on questions like this on stackoverflow.com , the key needs to be stored in the application itself. That is, in a year we will have to release an update for the game in order to update the key in it?
Or is it implemented in some other way?
Answer the question
In order to leave comments, you need to log in
To work over https, one server certificate is enough.
A client certificate is needed only for 2-Way-SSL mutual authorization, and it is desirable to have a unique certificate on each device.
It is optimal to use key generation and obtaining a certificate using the SCEP protocol, but Android does not have built-in support for SCEP.
The server will provide it. The only question is whether the client will trust this key. This is what is written above. If the certificate is commercial, as a rule, there will be no problems with trust. If it is self-signed, how does the client know that this certificate can be trusted? - in this case, it is required for him (the client) to explicitly indicate this.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question