To setup Spring Boot SSL with Android Retrofit connecting on HTTPS 443:<\/p>\n
In Spring Boot<\/p>\n
security.require-ssl=true
\nserver.port=8443
\nserver.ssl.key-store=src\/main\/resources\/private\/keystore
\nserver.ssl.key-store-password=changeit
\nserver.ssl.key-password=changeit<\/code><\/li>\n<\/ol>\n<\/li>\ncreate and add an SSL key<\/a> to the location specified by server.ssl.key-store. Note: the SSL certificate file is actually named “keystore”. \u00a0That’s not a directory.<\/li>\nRestart your Spring server and you should be able to make httpS connections on port 8443<\/li>\n<\/ol>\nIn Android Retrofit<\/p>\n
\n- Add an OkHttp compile dependency to build.gradle<\/li>\n<\/ul>\n
compile 'com.squareup.okhttp:okhttp:2.5.0'<\/code><\/p>\n
\n- Create a class that returns an OkHttp client that doesn’t validate trust certificates (written by Jules White of Vanderbuilt)<\/li>\n<\/ul>\n
\npublic class UnsafeHttpsClient {<\/code><\/p>\n
public static OkHttpClient getUnsafeOkHttpClient() {
\ntry {
\n\/\/ Create a trust manager that does not validate certificate chains
\nfinal TrustManager[] trustAllCerts = new TrustManager[] {
\nnew X509TrustManager() {<\/p>\n
@Override
\npublic void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
\n}<\/p>\n
@Override
\npublic void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
\n}<\/p>\n
@Override
\npublic java.security.cert.X509Certificate[] getAcceptedIssuers() {
\nreturn null;
\n}
\n}
\n};<\/p>\n
\/\/ Install the all-trusting trust manager
\nfinal SSLContext sslContext = SSLContext.getInstance(“SSL”);
\nsslContext.init(null, trustAllCerts, new java.security.SecureRandom());
\n\/\/ Create an ssl socket factory with our all-trusting manager
\nfinal SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();<\/p>\n
OkHttpClient okHttpClient = new OkHttpClient();
\nokHttpClient.setSslSocketFactory(sslSocketFactory);
\nokHttpClient.setHostnameVerifier(new HostnameVerifier() {
\n@Override
\npublic boolean verify(String hostname, SSLSession session) {
\nreturn true;
\n}
\n});<\/p>\n
return okHttpClient;
\n} catch (Exception e) {
\nthrow new RuntimeException(e);
\n}
\n}
\n}<\/p>\n
\n- Update your Retrofit\u00a0rest adapter with this unsafe OkHttp client<\/li>\n<\/ul>\n
return new RestAdapter
\n.Builder()
\n.setEndpoint(server)
\n.setLogLevel(logLevel)
\n.setLog(new AndroidLog(debugTag))
\n.setConverter(new GsonConverter(myGsonDateAdapter()))
\n.setClient(new OkClient(UnsafeHttpsClient.getUnsafeOkHttpClient()))
\n.build()
\n.create(WebProxy.class);<\/code><\/p>\n
In the above example,<\/p>\n
\n- WebProxy is the API interface class.<\/li>\n
- server is obviously the Spring server, should be https and at whatever port specified in Spring’s application.properties<\/li>\n
- debugTag is optional text to prefix Retrofit calls in Android’s console log<\/li>\n
- Converter is not required<\/li>\n<\/ul>\n
Other tools that might help debug<\/p>\n