Android - working with ssl certificates?

A

Andrey Apanasik2013-07-11 14:47:51

Java

Andrey Apanasik, 2013-07-11 14:47:51

Good afternoon.
There was a need to make requests from your application over a secure channel. Never worked with SSL before. How to do it? As I understand it, www.startssl.com
is enough to obtain a certificate . I read about the types of SSL certificates. But the certificate is given for a year. Based on questions like this on stackoverflow.com , the key needs to be stored in the application itself. That is, in a year we will have to release an update for the game in order to update the key in it? Or is it implemented in some other way?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

M

Maximus43, 2013-07-11
@Suvitruf

To work over https, one server certificate is enough.
A client certificate is needed only for 2-Way-SSL mutual authorization, and it is desirable to have a unique certificate on each device.
It is optimal to use key generation and obtaining a certificate using the SCEP protocol, but Android does not have built-in support for SCEP.

D

Divers, 2013-07-11
@Divers

You can download the key via ftp)

A

Andrew119, 2013-07-11
@Andrew119

The server will provide it. The only question is whether the client will trust this key. This is what is written above. If the certificate is commercial, as a rule, there will be no problems with trust. If it is self-signed, how does the client know that this certificate can be trusted? - in this case, it is required for him (the client) to explicitly indicate this.