Validating self-signed SSL certificates
Android supports the use of SSL with standard Android API components, such as HTTPClient and URLConnection. However, if you attempt to connect to a secure HTTPS server URL, you may encounter an SSLHandshakeException. The common issues are:
The certificate authority (CA) who issued the server SSL certificate is not included in the ~130 CAs that are included as part of the Android system, and therefore, is treated as unknown
The server SSL certificate is self signed
The server isn't configured with intermediary SSL certificates
If the server isn't configured with intermediary certificates, it's simply a case of installing them to allow the connection code to validate the root of trust. However, if the server is using a self-signed certification or a CA-issued certificate but the CA isn't trusted by Android, we need to customize the SSL validation.
A common practice is to develop and test with servers that have self-signed SSL certificates and only use paid...
