Android and https
I recently had to deal with using https with Apache’s http libraries. Not a simple task. If you just create a Uri with https in front of it, and your SSL certificate isn’t from a trusted authority, or if you’re using a self-signed certificate, you’re in for a world of hurt.
There’s a lot of solutions out there, and most of them involve trusting everyone, which isn’t so secure. The best solution I found is here:
Crazy Bob: Trusting SSL Certificates
It’s reasonably secure, but in order to use it, you’ll need the 1.6 JDK. You don’t need the Android SDK to create the needed keystore.
[UPDATE]
That method works if you’re only going to one domain. All other domains stop working with that method. A better method can be found at this Stack Overflow question:
http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https/6378872#6378872
The code here appends your KeyStores to Android’s list, which is a much better solution. You’ll still need the method for generating a keystore in the first link.
Comments off