It feels like I searched the whole web already, but all I found are hints on how to accept an invalid or self-signed certificate automatically. (Using custom `HttpClient` and `SSLSocketFactory` - I already got that working.)
But what I want for my app is that the user gets a browser-like dialog asking something like "Do you really want to trust this server? Here, have a look at its certificate." (But only if the certificate isn't trusted by the default checks.)
Then the certificate should be put in the app's certificate store, so next time it's accepted automatically.
So what I need to know is:
- How to download the certificate (chain) for a specific host/port combination (to be able to show it to the user)?
- How to store the certificate in a way so I can load it in a `KeyStore` later?
This is my planned work flow in the app:
1. Send a request to the server with my custom `HttpClient`. Maybe the certificate is trusted by the system or already in my store (if yes, go to 4).
2. If the request failed due to SSL issues, show the user the certificate and ask whether to trust this connection.
3. If the user chose to trust, store the certificate in my store and go to 1.
4. Hooray, connection is ready to use.
So does anyone know how to do this?
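
One way to implement the planned workflow, as an added example that is not part of the original question: an `X509TrustManager` that runs the default checks first, then looks for the exact server certificate in an app-owned `KeyStore`, and keeps the chain that failed so the UI can show it. The class name, store file, password and alias are hypothetical; hostname verification is not done here and stays with the HTTP client.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example: default trust checks first, then an app-owned KeyStore of user-accepted certificates.
public class PromptingTrustManager implements X509TrustManager {
    private final X509TrustManager system;  // the platform's default checks
    private final KeyStore appStore;        // certificates the user has accepted
    private final File storeFile;           // hypothetical location, e.g. the app's private directory
    private final char[] password;
    private volatile X509Certificate[] pendingChain; // last chain that failed the default checks

    public PromptingTrustManager(File storeFile, char[] password) throws Exception {
        this.storeFile = storeFile; this.password = password;
        appStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null stream creates an empty store; try-with-resources skips close() on null.
        try (InputStream in = storeFile.exists() ? new FileInputStream(storeFile) : null) { appStore.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform's default trust anchors
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        system = found;
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try { system.checkServerTrusted(chain, authType); return; } catch (CertificateException e) { /* fall back to app store */ }
        pendingChain = chain.clone(); // kept so the dialog can display it (step 2)
        try {
            if (appStore.getCertificateAlias(chain[0]) == null) throw new CertificateException("server certificate not trusted");
        } catch (KeyStoreException e) { throw new CertificateException(e); }
        chain[0].checkValidity(); // a previously accepted certificate must not have expired
    }

    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { system.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
    public X509Certificate[] getPendingChain() { return pendingChain; }

    // Step 3: call only after the user confirmed the dialog; persists the leaf certificate.
    public void trustPending(String alias) throws Exception {
        appStore.setCertificateEntry(alias, pendingChain[0]);
        try (OutputStream out = new FileOutputStream(storeFile)) { appStore.store(out, password); }
    }
}
```

Install it through `SSLContext.init(null, new TrustManager[]{ tm }, null)`; when the handshake fails, read `getPendingChain()` for the dialog, call `trustPending(...)` on confirmation, and retry the request. Because only the exact leaf certificate is matched, a server that later presents a different certificate triggers the prompt again.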