生成android自簽名證書流程

Step-to-Step Guide to Programming Android SSL with Self-Signed Server Certificate

There is a dearth of SDK documentation on how to work with SSL connections on Android with self-signed certificate. Here is a method that stores a self-signed certificate in the application resource and then later uses that certificate for SSL connections.

1. We create a self-signed server certificate for our SSL server:

keytool -genkey -dname "cn=ssltest, ou=test, o=example, c=US" 
   -alias ssltest -keypass ssltest -keystore c:\test\ssltest.keystore 
   -storepass ssltest -validity 180

2. We export the certificate to a file:

keytool -export -alias ssltest -keystore c:\test\ssltest.keystore 
   -file c:\test\ssltest.cer -storepass ssltest -keypass ssltest

3. Since Android uses the JCE provider from Bouncy Castle, we download the provider jar bcprov-jdk16-145.jar from BC and store it at C:\androidproject\libs.

4. Now, we import the server certificate to our Android project as a raw resource:

keytool -import -alias ssltestcert -file C:\test\ssltest.cer 
   -keypass ssltestcert -keystore C:\androidproject\res\raw\ssltestcert 
   -storetype BKS -storepass ssltestcert 
   -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider 
   -providerpath c:\androidproject\libs\bcprov-jdk16-145.jar

Note that we give it a store type BKS.
If you use the Eclipse ADK, the ADK will automatically create a resource idssltestcert after you refresh the project.

5. We can now use the server certificate in our Java program:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

// Load the self-signed server certificate char [] passphrase = "ssltestcert" .toCharArray(); KeyStore ksTrust = KeyStore.getInstance( "BKS" ); ksTrust.load(context.getResources().openRawResource(R.raw.ssltestcert),               passphrase); TrustManagerFactory tmf = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); tmf.init(ksTrust);   // Create a SSLContext with the certificate SSLContext sslContext = SSLContext.getInstance( "TLS" ); sslContext.init( null , tmf.getTrustManagers(), new SecureRandom());   // Create a HTTPS connection URL url = new URL( "https" , "10.0.2.2" , 8443 , "/ssltest" ); HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();   /* Uncomment the following line of code if you want to skip SSL */ /* hostname verification.  But it should only be done for testing. */ /* See http://randomizedsort.blogspot.com/2010/09/programmatically-disabling-java-ssl.html */ /* conn.setHostnameVerifier(new NullVerifier()); */   conn.setSSLSocketFactory(sslContext.getSocketFactory());