Adding SSL Certificate to Retrofit 2

I assume that you already know how to get the SSL certificate from your server and that you have already put it in the Android resources inside the “raw” directory.

SSL Certificate File

Here is how to read it in Android and add it to your Retrofit client.

private static SSLContext getSSLConfig(Context context) throws CertificateException, IOException,
            KeyStoreException, NoSuchAlgorithmException, KeyManagementException {

    // Loading CAs from an InputStream
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    Certificate ca;
    // I'm using Java7. If you used Java6 close it manually with finally.
    try (InputStream cert = context.getResources().openRawResource(R.raw.your_certificate)) {
        ca = cf.generateCertificate(cert);
    }

    // Creating a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore   = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    // Creating a TrustManager that trusts the CAs in our KeyStore.
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    // Creating an SSLContext that uses our TrustManager; callers take its SSLSocketFactory
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);

    return sslContext;
}

By default Retrofit uses OkHttp as the HTTP client library, and here is the last step.

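Retrofit.Builder builder = new Retrofit.Builder().baseUrl(Constant.BASE_API_URL);

// setSslSocketFactory() is the OkHttp 2.x setter; with OkHttp 3 the factory
// is set through OkHttpClient.Builder.sslSocketFactory() instead.
OkHttpClient okHttp = new OkHttpClient();
okHttp.setSslSocketFactory(getSSLConfig(context).getSocketFactory());

Retrofit retrofit = builder.client(okHttp).build();
retrofit.create(serviceClass);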
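
The same wiring against the OkHttp 3 builder API, as an added example that is not the original post's code. It assumes okhttp3 and retrofit2 are on the classpath; the class name PinnedCaClient and its method names are hypothetical. It loads every certificate found in the resource stream, so a bundled chain works as well as a single CA.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import retrofit2.Retrofit;

// Hypothetical helper class (added example, not from the original post).
public final class PinnedCaClient {

    // Builds a trust manager that trusts ONLY the certificates in certStream.
    static X509TrustManager trustManagerFor(InputStream certStream)
            throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty, in-memory store
        int count = 0;
        for (Certificate c : cf.generateCertificates(certStream)) {
            ks.setCertificateEntry("ca" + count++, c);
        }
        if (count == 0) { // fail closed instead of trusting nothing silently
            throw new CertificateException("no certificate found in resource");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new GeneralSecurityException("no X509TrustManager available");
    }

    // OkHttp 3 clients are immutable; TLS settings go through the Builder.
    static Retrofit retrofitFor(String baseUrl, InputStream certStream)
            throws GeneralSecurityException, IOException {
        X509TrustManager tm = trustManagerFor(certStream);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        OkHttpClient client = new OkHttpClient.Builder()
                .sslSocketFactory(ctx.getSocketFactory(), tm)
                .build();
        return new Retrofit.Builder().baseUrl(baseUrl).client(client).build();
    }
}
```

Because the KeyStore holds only the bundled certificates, this client rejects any server whose chain does not lead to one of them, including servers signed by public CAs. Hostname verification is left at the OkHttp default.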

References:
http://developer.android.com/training/articles/security-ssl.html
http://stackoverflow.com/a/31436459/1936697

3 comments

    1. You need to use sslSocketFactory() method of OkHttpClient.Builder class. Retrofit2 doesn’t have this functionality.
