Trust specific certificate on JVM-based platforms
I wrote a simple helper which allows loading specific certificate into SSLContext.
You can use it to support untrusted certificate HTTPS connections.
By untrusted certificate I mean this one, which server is certified but system denies it (doesn’t trust it) for some reason.
I found it very useful to load particular certificate dynamically.
- Older Android devices don’t support some new CA providers. If you want to ship an app with support to such CA and don’t want to force a user to install it himself you can add that CA to the app at runtime. Totally transparent to the user.
- Security reasons. No need to install third party certs on the system directly. Eg. during development phase server might be certified by temporarily
ssh-development-only-certificate.cer. No one should trust it except development-phase client app. The second case: you want to use the web proxy. It’s also risky to install proxy certificate for the whole system.
- You have no rights to add proper CA to the system. You told about it your administrator but you’re still waiting or worse, he refuses.
Warning: Copy and Paste
You can easily adopt that code in any JVM language like Groovy, Kotlin, etc.
On Android you can load certificate from assets. Github repo is here.