By: Johan1234

Guide for making client accept SSL certificate Android

March 20, 2017 729 views
Apache Java

Hi!

I followed this guide: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-8 to install an SSL certificate on the server. But how can I write the code now so that the client uses it when authenticating in my app? Is there any guide for that?

2 Answers

@Johan1234
You just have to change all your http:// requests to https://
Otherwise not sure what you're asking and how this is related to Android.

  • Alright, I create my app in Android Studio. But don't you need to do something like this: http://littlesvr.ca/grumble/2014/07/21/android-programming-connect-to-an-https-server-with-self-signed-certificate/ ? Feels too easy to just change the http links to https in my Java files and then the traffic is encrypted during authentication. I only want to encrypt the traffic between client and server when you authenticate right now.

    • @Johan1234
      That's it. It is easy thanks to Let's Encrypt. So just change your URLs in your files and that's it. Since this is not a self-signed certificate, it's easy to set up.
      I would highly recommend that you change all your URLs to https - why not?

      • How will the application use the cert on the server that it has then?

        • It will use the public CA list, which is included in Android. The same reason why you can browse this website over HTTPS from your phone.

          • Alright, but if I change to https in the code, how can I be sure that no one can listen to the traffic now or manipulate anything when you authenticate?

          • It doesn't allow me to reply to your newest post, but I'll just add this to notify you @Johan1234

            That's a huge question, but in quick words: If a certificate is issued via one of the CAs on the public lists, then it's deemed trusted.
            If you want, you can create a self-signed certificate and then you'll see many warnings (both in your code and through the browser) until you add the certificate to your trust list.
            Here's my question to you, how do you know the traffic is secure between your browser and this forum? If you can answer that, then it's the same for your site (or your bank, Gmail or anything else using HTTPS).

  • @hansen

    I think I have fixed all changes to HttpsURLConnection now, in Android Studio and on the server. How can I make the server show that the traffic is encrypted by writing to the log?

Alright I see, thank you for the help then!
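
What the answers above describe, as an added example that is not code from the thread: with a CA-issued certificate such as Let's Encrypt, `HttpsURLConnection` validates the server's chain against the platform's default CA store and checks the hostname, with no custom trust code. The class name `HttpsCheck`, its method names and the `https://example.com/` URL are assumptions for illustration.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class HttpsCheck {
    // Counts the CA certificates in the platform's default trust store,
    // the "public CA list" mentioned in the thread. Needs no network.
    static int defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the system default store
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                count += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return count;
    }

    // Connects with the default trust manager and hostname verifier.
    // connect() throws an SSLException subclass if the chain does not lead
    // to a trusted CA or the certificate does not match the hostname.
    static String describe(String address) throws Exception {
        URL url = new URL(address);
        if (!"https".equals(url.getProtocol())) {
            throw new IllegalArgumentException("refusing non-HTTPS URL: " + address);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        try {
            conn.connect(); // TLS handshake and certificate validation happen here
            X509Certificate leaf = (X509Certificate) conn.getServerCertificates()[0];
            return conn.getCipherSuite() + " | issuer: "
                    + leaf.getIssuerX500Principal().getName();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("trusted CAs: " + defaultTrustAnchors());
        // Placeholder host (assumption): pass your own server's URL instead.
        String target = args.length > 0 ? args[0] : "https://example.com/";
        System.out.println(describe(target));
    }
}
```

On Android, call `describe()` from a background thread, since network calls on the main thread throw `NetworkOnMainThreadException`.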
