I am working on a small android app, only for test purposes. I can get a secure connection with JSSE, but can i keep the server public certificate on the client side. Without registering on a CA.
Asked
Active
Viewed 16 times
0
-
For this to be secure you need to encode the specific certificate you want to accept into your client application. If you blindly trust any self-signed certificate, then anyone can spoof the server (or proxy the requests). – Generous Badger May 19 '21 at 08:51
-
Thanks, this makes sense. This is what i wanted to do, but i have not found how to implement this into JSSE. – ilearnjava May 19 '21 at 08:57
-
Thanks for your help. I want to make a secure connection to my backend server, but instead of veryfing the server certificate over a CA, i want to store it client sided. – ilearnjava May 19 '21 at 09:14
-
Just import the server certificate into your truststore. – user207421 May 19 '21 at 10:36
-
Thank you, if did that and it worked, i used https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client – ilearnjava May 19 '21 at 16:46