On Thu, Nov 24, 2011 at 12:47 AM, mgolds02 <mgold...@gmail.com> wrote:
> Thanks for the reply. However, this brings up another issue - how
> does the server reject users that don't have the appropriate keystore?
> This might be a bit off topic for the Android Developers group but a
> point in the right direction would be appreciated.

It's a long story :) Basically, the client signs something with its private key, and the server validates it. That proves the client has access to the private key.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Client-authenticated_TLS_handshake

> Would this setting to only allow specific clients with the appropriate
> keystore on the server be an Apache setting?

Yes. Refer to the mod_ssl documentation for details.

> In general, how do apps that do not require any user credentials only
> allow a given app to communicate with a server and reject all others?

A private key and a certificate are credentials. You need to prove you have those to be authenticated.
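
An added example, not part of the original message: a minimal mod_ssl virtual host that enforces the client-certificate check discussed in this thread. The host name, file paths and the CN value are placeholders chosen for illustration.

```apache
# Added example: accept only clients that present a certificate issued by
# one private CA. All names and paths below are placeholders.
<VirtualHost *:443>
    ServerName api.example.com

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # CA that issued the client certificates stored in the app keystore.
    # Only certificates chaining to this CA pass verification.
    SSLCACertificateFile  /etc/apache2/ssl/client-ca.crt

    # "require" aborts the TLS handshake unless the client sends a
    # certificate that verifies against the CA above and signs the
    # handshake with the matching private key.
    # Weak alternatives to avoid for this purpose:
    #   SSLVerifyClient none            (no client certificate requested)
    #   SSLVerifyClient optional_no_ca  (certificate need not be verifiable)
    SSLVerifyClient require

    # Client certificates are issued directly by the CA: one chain level.
    SSLVerifyDepth 1

    <Location "/api">
        # Optional narrowing to a single certificate subject
        # (Apache 2.4 syntax; Apache 2.2 uses the SSLRequire directive).
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'android-app'"
    </Location>
</VirtualHost>
```

With this in place, a client that connects without the expected certificate and key fails during the TLS handshake, before any HTTP request reaches the application.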