It looks like I already searched the entire network, but all I found was advice on how to automatically accept an invalid or self-signed certificate. (Using custom HttpClient and SSLSocketFactory - I already got this working.)
But what I want for my application is that the user receives a browser dialog asking for something like "Do you really want to trust this server? Look at its certificate here." (But only if the certificate is not trusted by default.)
Then the certificate must be placed in the application certificate store, so the next time it will be accepted automatically.
So what I need to know:
- How to upload a certificate (chain) for a specific host / port combination (to show it to the user)?
- How to save a certificate so that I can later upload it to `KeyStore`?
This is my planned workflow in the application:
1. Send a request to the server with my custom `HttpClient`. Perhaps the certificate is entrusted to the system or already in my store (if so, go to 4).
2. If the request fails due to SSL issues, show the user a certificate and ask if you want to trust this connection.
3. If the user decided to trust, save the certificate in my store and go to 1.
4. Hooray, the compound is ready to use.
So does anyone know how to do this?
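An added sketch of the workflow described in the question (not code from the post): it records the chain a host/port presents without trusting it, prints the SHA-256 fingerprint for the user to check, and stores the leaf certificate in an app-local `KeyStore` only after confirmation. The class name, the `trusted.keystore` file, the `changeit` password and the console prompt (standing in for the dialog) are assumptions.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

public class TrustOnFirstUse {  // hypothetical name
    // Records the chain the server presents; the handshake is always rejected, so nothing is trusted here.
    static X509Certificate[] fetchChain(String host, int port) throws Exception {
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { throw new CertificateException("unused"); }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c;
                throw new CertificateException("recorded for display only");
            }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLException expected) { /* the recorder rejects every chain */ }
        return seen[0];  // null if no certificate was received
    }
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02X", b)).append(':');
        return sb.substring(0, sb.length() - 1);
    }
    // Adds the certificate to the app's own store (created on first use) under a host:port alias.
    static void saveTrusted(X509Certificate cert, String alias, File file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (file.exists()) { try (InputStream in = new FileInputStream(file)) { ks.load(in, pw); } }
        else { ks.load(null, null); }
        ks.setCertificateEntry(alias, cert);
        try (OutputStream out = new FileOutputStream(file)) { ks.store(out, pw); }
    }
    public static void main(String[] args) throws Exception {
        String host = args[0]; int port = Integer.parseInt(args[1]);
        X509Certificate[] chain = fetchChain(host, port);
        if (chain == null) { System.out.println("no certificate received"); return; }
        System.out.println(chain[0].getSubjectX500Principal() + "\nSHA-256: " + sha256Fingerprint(chain[0]));
        System.out.print("Trust this server? [y/N] ");  // console stand-in for the dialog
        String answer = new BufferedReader(new InputStreamReader(System.in)).readLine();
        if ("y".equalsIgnoreCase(answer))  // placeholder file name and password below
            saveTrusted(chain[0], host + ":" + port, new File("trusted.keystore"), "changeit".toCharArray());
    }
}
```

For later requests, load the same `KeyStore`, pass it to `TrustManagerFactory.init(...)` and build the `SSLContext` from the resulting trust managers, keeping hostname verification enabled. On Android the store file belongs in the app's private storage.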