SSL Certificates - mattsilber/netclient GitHub Wiki

Getting the cert

echo | openssl s_client -connect ${https://myserver.com}:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycert.pem

Building the keystore file

export CLASSPATH=bcprov-jdk16-145.jar
CERTSTORE=nc__cert.bks
if [ -a $CERTSTORE ]; then
    rm $CERTSTORE || exit 1
fi
keytool \
      -import \
      -v \
      -trustcacerts \
      -alias 0 \
      -file <(openssl x509 -in mycert.pem) \
      -keystore $CERTSTORE \
      -storetype BKS \
      -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
      -providerpath /usr/share/java/bcprov.jar \
      -storepass ez24get

You can get BouncyCastle JARs from: https://www.bouncycastle.org/latest_releases.html Just replace 'bcprov-jdk16-145.jar' with the version you use.

Also make sure to change the password 'ez24get' to whatever yours is.

Credits for this go to http://stackoverflow.com/a/6378872/1426565 and http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

Multi-API Support

If you're connecting to multiple API's, odds are you're going to have different certificates. In this case, you'll need to provide the correct certificate info to the WebRequest. That can be done by calling setSslCertificateInfo(int, String) with the resource ID of the certificate file and the password to said file, respectively.