Spring Boot SSL with Android Retrofit

To setup Spring Boot SSL with Android Retrofit connecting on HTTPS 443:

In Spring Boot

  1. <your project>/src/main/resources/application.properties – add the following values (not the “1.” which is just WordPress ordered list numbering)
    1. security.require-ssl=true
  2. create and add an SSL key to the location specified by server.ssl.key-store. Note: the SSL certificate file is actually named “keystore”.  That’s not a directory.
  3. Restart your Spring server and you should be able to make httpS connections on port 8443

In Android Retrofit

  • Add an OkHttp compile dependency to build.gradle

compile 'com.squareup.okhttp:okhttp:2.5.0'

  • Create a class that returns an OkHttp client that doesn’t validate trust certificates (written by Jules White of Vanderbuilt)

public class UnsafeHttpsClient {

public static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {

public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {

public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {

public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;

// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance(“SSL”);
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;

return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);

  • Update your Retrofit rest adapter with this unsafe OkHttp client

return new RestAdapter
.setLog(new AndroidLog(debugTag))
.setConverter(new GsonConverter(myGsonDateAdapter()))
.setClient(new OkClient(UnsafeHttpsClient.getUnsafeOkHttpClient()))

In the above example,

  • WebProxy is the API interface class.
  • server is obviously the Spring server, should be https and at whatever port specified in Spring’s application.properties
  • debugTag is optional text to prefix Retrofit calls in Android’s console log
  • Converter is not required

Other tools that might help debug

  • Postman – if you can make an https/8443 GET request to your Spring server, you know Spring is setup properly



, ,