On Tue, Feb 7, 2012 at 5:16 AM, Yonatan Romero <[email protected]> wrote: > So I try to connect to others safe-web-pages witch has certificates > signed by CA authorities like Verisign, Thawte, GoDaddy, Digicert, > etc. I noticed that the request sometimes throws the exception and > sometimes not. > > I want to purchase a CA-signed certificated, but I don't know what > requirements takes Android when decides the truthfulness of the > certificates.
You need to make sure that whatever CA issues the certificate you intend to buy is found trusted by your device. Some CAs have a trial certificate with a limited validity (a week or so), that you can use to do actual testing. Or, you can list the trusted certificates on the device with something like this tool (or write your own): https://market.android.com/details?id=info.guardianproject.cacert and check that the CA certificate is trusted by your device. That said, knowing that VeriSign got hacked multiple times with unknown consequences, you might as well use a self-signed certificate. It is a bit more work to implement, but not that much. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
