Does OkHttp support accepting self-signed SSL certs?

by

Yes, It does.

Retrofit allows you to set your custom HTTP client, that is configured to your needs.

As for self-signed SSL certs there is a discussion here. The link contains code samples to add self-signed SSL to Android’s DefaultHttpClient and to load this client to Retrofit.

If you need OkHttpClient to accept self signed SSL, you need to pass it custom javax.net.ssl.SSLSocketFactory instance via setSslSocketFactory(SSLSocketFactory sslSocketFactory) method.

The easiest method to get a socket factory is to get one from javax.net.ssl.SSLContext as discussed here.

Here is a sample for configuring OkHttpClient:

OkHttpClient client = new OkHttpClient();
KeyStore keyStore = readKeyStore(); //your method to obtain KeyStore
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "keystore_pass".toCharArray());
sslContext.init(keyManagerFactory.getKeyManagers(),trustManagerFactory.getTrustManagers(), new SecureRandom());
client.setSslSocketFactory(sslContext.getSocketFactory());

Updated code for okhttp3 (using builder):

    OkHttpClient client = new OkHttpClient.Builder()
            .sslSocketFactory(sslContext.getSocketFactory())
            .build();

the client here is now configured to use certificates from your KeyStore. However it will only trust the certificates in your KeyStore and will not trust anything else, even if your system trust them by default. (If you have only self signed certs in your KeyStore and try to connect to Google main page via HTTPS you will get SSLHandshakeException).

You can obtain KeyStore instance from file as seen in docs:

KeyStore readKeyStore() {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    // get user password and file input stream
    char[] password = getPassword();

    java.io.FileInputStream fis = null;
    try {
        fis = new java.io.FileInputStream("keyStoreName");
        ks.load(fis, password);
    } finally {
        if (fis != null) {
            fis.close();
        }
    }
    return ks;
}

If you are on android you can put it in res/raw folder and get it from a Context instance using

fis = context.getResources().openRawResource(R.raw.your_keystore_filename);

There are several discussions on how to create your keystore. For example here

More Related Contents:

  1. Can Retrofit with OKHttp use cache data when offline
  2. How to add headers to OkHttp request interceptor?
  3. Android call api route every few seconds
  4. Logging with Retrofit 2
  5. Get nested JSON object with GSON using retrofit
  6. Retrofit Expected BEGIN_OBJECT but was BEGIN_ARRAY
  7. Using Retrofit in Android
  8. How to set timeout in Retrofit library?
  9. Automatic cookie handling with OkHttp 3
  10. how to use okhttp to upload a file?
  11. How to set connection timeout with OkHttp
  12. Retrofit 2.0 how to get deserialised error response.body
  13. javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
  14. Can’t get OkHttp’s response.body.toString() to return a string
  15. Adding header to all request with Retrofit 2
  16. How does OkHttp get Json string?
  17. How to use interceptor to add Headers in Retrofit 2.0?
  18. Android: Realm + Retrofit 2 + Gson
  19. How to use OKHTTP to make a post request?
  20. Retrofit 2 – URL Query Parameter
  21. OkHttp javax.net.ssl.SSLPeerUnverifiedException: Hostname domain.com not verified
  22. Android Retrofit Parameterized @Headers
  23. Retrofit GSON serialize Date from json string into java.util.date
  24. Need assistance with having executable code
  25. How to make a JTable non-editable
  26. Migration from Struts 1 to Struts 2
  27. Problem with deserialization of LocalDateTime in Junit test
  28. Android: Changing Background-Color of the Activity (Main View)
  29. How to Update JSON value using Java
  30. Converting mysql table to spark dataset is very slow compared to same from csv file

Leave a Comment