Skip to content

Instantly share code, notes, and snippets.

@erickok
Last active May 11, 2023 14:25
Show Gist options
  • Save erickok/7692592 to your computer and use it in GitHub Desktop.
Save erickok/7692592 to your computer and use it in GitHub Desktop.
Loading a self-signed SSL certificate .crt file and packaging it into a SSLSocketFactory for use with a HttpsURLConnection.
// Usage example...
HttpsURLConnection connection = (HttpsURLConnection) new URL("https://someurl.com").openConnection();
connection.setSSLSocketFactory(buildSslSocketFactory());
private static SSLSocketFactory buildSslSocketFactory(Context context) {
// Add support for self-signed (local) SSL certificates
// Based on http://developer.android.com/training/articles/security-ssl.html#UnknownCa
try {
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// From https://www.washington.edu/itconnect/security/ca/load-der.crt
InputStream is = context.getResources().getAssets().openAsset("somefolder/somecertificate.crt");
InputStream caInput = new BufferedInputStream(is);
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
// System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
caInput.close();
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
return context.getSocketFactory();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
@user201610
Copy link

It is solved:

put the file under "app/src/main/res/raw" with a name such as "mycertificate.crt".

        int identifier = context.getResources().getIdentifier("mycertificate","raw",context.getPackageName());
        InputStream is = context.getResources().openRawResource(identifier);

@Fuji1405116
Copy link

you can also solve it by :

InputStream is = context.getResources().getAssets().open("certs_server.crt");

where you have your *.crt file in src/main/assets folder.
In the 37th line of the above code, the "context" variable should be renamed to "sslContext"/other as it already exists or needed to call a static method from activity. Everything is just working fine. To understand all the detail and related security issues just follow this official documentation from where the above code snippet has come :

https://developer.android.com/training/articles/security-ssl.html#CommonProblems

@Sargis
Copy link

Sargis commented Apr 29, 2021

how can you use crt file in swift code?

@kswat
Copy link

kswat commented Jun 17, 2021

Usage says: connection.setSSLSocketFactory(buildSslSocketFactory());

private static SSLSocketFactory buildSslSocketFactory(Context context) {

what is Context ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment