
I created a self-signed certificate (server.crt, server.key, server.p12). I get a Python-Python SSL socket connection using this self-signed certificate working just fine.

Python server:

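import socket
import ssl

# Server-side TLS context that presents the self-signed certificate
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile="server.crt", keyfile="server.key")

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 10023))
s.listen(5)
s_, fromaddr = s.accept()
# Upgrade the accepted TCP connection to TLS
connstream = context.wrap_socket(s_, server_side=True)
data = connstream.read()
...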

Now, I would like my Android application to talk with my Python server. I can get a non-SSL connection going. I'm not sure how to proceed with self-signed certificates. My understanding is that I have to store the certificate in Java's truststore. I am having difficulty finding examples of doing this within the Android app (programmatically) using a trusted certificate file (e.g. the crt?). Obviously, the scope of this trust is limited to the app only, and is not intended to be a permanent solution.

Java client (on Android):

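import java.io.PrintWriter;
import java.net.Socket;
import javax.net.ssl.SSLSocketFactory;

// The default factory validates the server against the default trust store only
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
Socket socket = ssf.createSocket(HOST, PORT);
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
out.println("hello from java!");
out.flush();
...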

When I try to connect I get the following error on the server:

ssl.SSLError: [Errno 1] _ssl.c:499: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown

1 Answer

  • Export the crt file on the server
  • Import the crt file from assets or from a file in the Android code
  • Set up the crt with TrustManagerFactory in the Android code
  • Init SSLContext with the TrustManagerFactory

This is the reference in the official documentation.


1 Comment

This answer was helpful in resolving my problem, but not without researching additional information elsewhere. The official documentation you linked explains TrustManagerFactory as used with an HttpsURLConnection, but not when used with a Socket. After more searching I got an SSL connection going by wrapping an existing InetSocketAddress with an SSLContext after using getSocketFactory(), but I'm not sure if this is the best approach. I think the answer above could be improved with a short example of SSLContext used with TrustManagerFactory.
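
The answer's four steps applied to a plain socket, as the comment asks; this is an added example, not code from the original answer or comment. The names `PinnedTlsClient`, `contextTrusting` and `sendHello` are hypothetical, and it assumes that server.crt is the PEM file from the question, that the certificate carries a subjectAltName matching the host, and (on Android) API level 24 or later for the hostname check.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.PrintWriter;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedTlsClient { // hypothetical name, not from the page
    // Builds an SSLContext that trusts only the certificate read from certStream.
    static SSLContext contextTrusting(InputStream certStream) throws Exception {
        // server.crt may be PEM or DER; CertificateFactory parses both.
        Certificate serverCert =
                CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        // Empty in-memory keystore holding just that one certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", serverCert);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    // Connects, verifies the server against the pinned certificate, sends one line.
    static void sendHello(InputStream certStream, String host, int port) throws Exception {
        SSLContext ctx = contextTrusting(certStream);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A raw SSLSocket does not check the hostname unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // SSLHandshakeException if the server is not trusted
            PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
            out.println("hello from java!");
        }
    }

    public static void main(String[] args) throws Exception { // args: server.crt host port
        try (InputStream in = new FileInputStream(args[0])) {
            sendHello(in, args[1], Integer.parseInt(args[2]));
        }
    }
}
```

On Android, pass `getAssets().open("server.crt")` as the stream and call `sendHello` off the main thread. Because the trust store holds only this one certificate, the trust stays scoped to sockets created from this `SSLContext`.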