How do I update the SSL cert in my android apps?


Question

Recently I have been working on a project that has implemented SSL.

The SSL cert expires once per year, and it throws an exception in Android after I renew the cert on the server.

06-13 11:20:27.709: D/allenj(30076): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

After looking through the project code, I saw there is a bks file. So does it mean I have to update the bks file once per year, and re-upload the app to Google Play as well?

The problem is: what is the standard way to cope with the renewal of the SSL cert? Thanks for helping.

Code extract

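import android.widget.EditText;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

Runnable Register_runnable = new Runnable(){
        @Override
        public void run() {
            EditText emailText = (EditText) findViewById(R.id.editText1regist);

            EditText pwText = (EditText) findViewById(R.id.editText2registpw);

            String end = "\r\n";
            String twoHyphens = "--";
            String boundary = "*****";
            try {
                // Load the BKS keystore bundled in res/raw; it holds the pinned certificate
                KeyStore keyStore = KeyStore.getInstance("BKS");
                InputStream in = getResources().openRawResource(R.raw.ballooncardbks);
                keyStore.load(in, "".toCharArray());
                in.close();

                // Trust only the certificates contained in that keystore
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
                tmf.init(keyStore);

                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, tmf.getTrustManagers(), null);

                String actionUrl = "https://app.ballooncard.com/api/client/register/format/json";
                URL url = new URL(actionUrl);
                HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
             //   con.setDoInput(true);
                con.setDoOutput(true);
                con.setUseCaches(false);
                con.setRequestMethod("POST");

                // Use the pinned trust store for this connection's TLS handshake
                con.setSSLSocketFactory(context.getSocketFactory());

                con.setRequestProperty("Connection", "Keep-Alive");
                con.setRequestProperty("Charset", "UTF-8");
                con.setRequestProperty("Content-Type", "multipart/form-data;boundary=" + boundary);
                // ... (the extract ends here in the original post)
            } catch (Exception e) {
                // Handler not shown in the original extract
                e.printStackTrace();
            }
        }
    };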

Recommended answer

Looks like the app is using "certificate pinning", which means that a certificate has been hardcoded into the app, and the app has been instructed to accept only that certificate and no other.

This increases security at the expense that you need to update your app when (ideally before) the certificate expires. You can follow the instructions from a post I created here:

https://stackoverflow.com/a/24007536/276949

to generate a new .bks file from your certificate. Once this is done, overwrite your old .bks file and your app should successfully connect via SSL.
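
The same pinning setup extended to cover a renewal, as an added example that is not code from the question or the answer: the trust store is built from several bundled certificate files (for instance the current certificate and its replacement), so an app release carrying the new certificate can ship before the server switches, and the date on which the last pin lapses can be checked in advance. The class and method names are hypothetical, and accepting more than one pin goes beyond the single-certificate keystore shown in the question.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: pins every certificate passed in, e.g. the current and the renewed one. */
public final class PinnedCerts {
    /** Builds an in-memory trust store from PEM or DER streams holding one certificate each. */
    public static KeyStore trustStore(List<InputStream> certStreams) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start empty so that only the pinned certificates are trusted
        int i = 0;
        for (InputStream in : certStreams) {
            try (InputStream s = in) {
                ks.setCertificateEntry("pin-" + i++, cf.generateCertificate(s));
            }
        }
        if (i == 0) throw new IllegalArgumentException("no certificates to pin");
        return ks;
    }

    /** TLS context whose trust managers accept only chains anchored in the pinned certificates. */
    public static SSLContext sslContext(KeyStore pinned) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(pinned);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Whole days until the latest-expiring pin lapses (negative once every pin has expired). */
    public static long daysUntilLastPinExpires(KeyStore pinned, Date now) throws Exception {
        long latest = Long.MIN_VALUE;
        for (String alias : Collections.list(pinned.aliases())) {
            if (pinned.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) pinned.getCertificate(alias);
                latest = Math.max(latest, c.getNotAfter().getTime());
            }
        }
        if (latest == Long.MIN_VALUE) throw new IllegalStateException("no X.509 pins in store");
        return (latest - now.getTime()) / 86_400_000L;
    }
}
```

On Android the streams would come from `getResources().openRawResource(...)`, and `sslContext(...).getSocketFactory()` is passed to `con.setSSLSocketFactory(...)` as in the question's code.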
