Org glite security trustmanager updating keymanager
Similar to a server, a CA has a certificate and a private key.
When issuing a certificate for a server, the CA signs the server certificate using its private key.
This has all of the downsides discussed earlier of tying your app directly to a certificate, but can be done securely.
However, you should be careful to make sure your self-signed certificate has a reasonably strong key.
The host platform generally contains a list of well known CAs that it trusts.
As of Android 4.2 (Jelly Bean), Android currently contains over 100 CAs that are updated in each release.
When rotating keys, you should check for recommendations from an authority (such as NIST) about what is acceptable.
To help you ensure that this does not happen to your app, this article highlights the common pitfalls when using secure network protocols and addresses some larger concerns about using Public-Key Infrastructure (PKI).
In a typical SSL usage scenario, a server is configured with a certificate containing a public key as well as a matching private key.
But in terms of the details for verifying certificates and hostnames, the Android framework takes care of it for you through these APIs. Https URLConnection Impl$Https Engine.connect(Https URLConnection Impl.java:433) at http. Http URLConnection Input Stream(Http URLConnection Impl.java:177) at http.
Https URLConnection Input Stream(Https URLConnection Impl.java:271) occurs because you have a CA that isn't trusted by the system.