Trust specific certificate on JVM-based platforms
I wrote a simple helper which allows loading specific certificate into SSLContext.
You can use it to support untrusted certificate HTTPS connections.
By untrusted certificate I mean this one, which server is certified but system denies it (doesn’t trust it) for some reason.
I found it very useful to load particular certificate dynamically.
For example:
- Older Android devices don’t support some new CA providers. If you want to ship an app with support to such CA and don’t want to force a user to install it himself you can add that CA to the app at runtime. Totally transparent to the user.
- Security reasons. No need to install third party certs on the system directly. Eg. during development phase server might be certified by temporarily
ssh-development-only-certificate.cer
. No one should trust it except development-phase client app. The second case: you want to use the web proxy. It’s also risky to install proxy certificate for the whole system. - You have no rights to add proper CA to the system. You told about it your administrator but you’re still waiting or worse, he refuses.
Warning: Copy and Paste
#Example usage
You can easily adopt that code in any JVM language like Groovy, Kotlin, etc.
On Android you can load certificate from assets. Github repo is here.
Written on March 29, 2016