1) It depends. Do you have a self signed cert on the server side and you are trying to validate your identity to the android device? Or are you on the android side trying to validate your idendity to the server? If it is the former , then please see this link: http://www.codeproject.com/KB/android/SSLVerification_Android.aspx?display=Mobile You want … Read more
I had to do something similar a while back. I had a certificate file and I had to figure out a way to load it in and use it for an SSL connection. Hopefully what I did will help you out. First I had to create a trust manager: public class MyX509TrustManager implements X509TrustManager { … Read more
Given that you’re using Spring, here’s an example that shows how to use Spring’s RestTemplate and Apache’s HttpClient configured with a client certificate and to trust a self-signed certificate from the server: KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(new FileInputStream(new File(“keystore.jks”)), “secret”.toCharArray()); SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( new SSLContextBuilder() .loadTrustMaterial(null, new TrustSelfSignedStrategy()) .loadKeyMaterial(keyStore, “password”.toCharArray()).build()); HttpClient httpClient = … Read more
Yes, it’s possible. There are no cross-browser solutions, though. For Internet Explorer, you will have to use some ActiveX controls using X509Enrollment.CX509EnrollmentWebClassFactory or CEnroll.CEnroll, depending on whether it’s running on Windows XP or Vista/7. This will generate a PKCS#10 certificate request (which you may need to wrap between the traditional delimiters. For the rest, you … Read more
If the server’s certificate is self-signed, then this is working as designed and you will have to import the server’s certificate into your keystore. Assuming the server certificate is signed by a well-known CA, this is happening because the set of CA certificates available to a modern browser is much larger than the limited set … Read more
I’ve been using curl through a mitm proxy for pen-testing and getting the same issue. I finally figured that curl needs a parameter telling it not to check certificate revocation, so the command looks something like this: curl “https://www.example.com” –ssl-no-revoke -x 127.0.0.1:8081 The -x parameter passes the proxy details – you may not need this. … Read more
.p12 and .pfx are both PKCS #12 files. Am I missing something? Have you tried renaming the exported .pfx file to have a .p12 extension?
use IO::Socket::SSL qw(); use WWW::Mechanize qw(); my $mech = WWW::Mechanize->new(ssl_opts => { SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, verify_hostname => 0, # this key is likely going to be removed in future LWP >6.04 }); With IO::Socket::SSL earlier than 1.79, see PERL_LWP_SSL_VERIFY_HOSTNAME.
By default, Cocoa refuses all SSL connections when the certificate is invalid. However, you can force them to accept also invalid certificates. The method depends on which library/framework you are using. For example: For NSURLConnection, check this answer. For ASIHTTPRequest, you need to set the property validatesSecureCertificate to NO. For AFNetworking, you can check the … Read more
I actually had a somewhat similar issue, where a Tomcat application would trust the ca cert in the truststore when using Java 1.6 and reject it with java 1.7. After adding keyUsage to my ca certificate it works (after reading a bug report, JDK-7018897 : CertPath validation cannot handle self-signed cert with bad KeyUsage). What … Read more