Not trusted certificate using ksoap2-android

Question

I\'m using ksoap2-android to make a call to wcf service over SSL. I can get it to work without SSL, but now I want to make the call over SSL, but I\'ve run in to some proble

Answer 1

Well, there is an easier way to do this instead of modifying HttpsServiceConnectionSE. You can install a fake trust manager as described in http://groups.google.com/group/android-developers/browse_thread/thread/1ac2b851e07269ba/c7275f3b28ad8bbc?lnk=gst&q=certificate and then call allowAllSSL() before you do any SSL communication/call to ksoap2. It will register a new default HostnameVerifier and TrustManager. ksoap2, when doing its SSL communication, will use the default ones and it works like a charm.

You can also put some more effort into this, make it (much) safer, and install certificates in an application local trust manager, I guess. I was in a safe network and not afraid of man-in-the-middle-attacks so I just did the first.

I found it necessary to use KeepAliveHttpsTransportSE like this new KeepAliveHttpsTransportSE(host, port, file, timeout);. The parameters go into a URL object, so e.g. to access a Jira installation it's something like new KeepAliveHttpsTransportSE("host.whatever", 443, "/rpc/soap/jirasoapservice-v2", 1000).

Sometimes its handy if you are new to the technology or the web service you like to use to play around with it in a J2SE environment instead of in the emulator or even on the device, but in the J2SE/ME ksoap2 library the (KeepAlive)HttpsTransportSE stuff is missing (I used ksoap2-j2se-full-2.1.2.jar). What you could do is to get the sources for the three classes HttpsTransportSE, KeepAliveHttpsTransportSE, and HttpsServiceConnectionSE from the Android spin-off ksoap2-android and put them into your J2SE project and use them. It worked for me and it became a productivity improvement to get the first steps right with an unknown and quite complex web service.