Hi:
I've search the forum and found and coded the solution in this post:
https://www.b4x.com/android/forum/threads/webview-certificate-lets-encrypt.64832/#post-410628
This works fine if the SSL certificate is a valid SSL certificate but if it's self signed, there's an error on the certificate handshaking.
I've googled for the solution and it seems that solution require to configure local keystore:
http://www.smartjava.org/content/how-analyze-java-ssl-errors
https://www.codebyamir.com/blog/java-developers-guide-to-ssl-certificates
but for my needs, that's not possible (the webview is part an app and it's not possible to access-configure the local keystore of the user computer) and I've not found other solution.
Is there any inline code that allows to load an URL from a Server configured with an SSL self signed certificate ?
Thanks
(Attached the B4J code/see the differents logs if the Page comes from a Server with a valid SSL certificate or self signed
For those who searched the solution for b4j, just add this:
(it took me about 5 hours non-stop web sniffing but the solution is easy and effective)
Sub AppStart (Form1 As Form, Args() As String)
Dim jo As JavaObject = Me
jo.RunMethod("disableSSLTest", Null)
'now you can open web-sites wich uses self-signed ssl
Web.LoadUrl("
https://192.168.0.18")
End Sub
#if JAVA
import java.security.GeneralSecurityException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
public static void disableSSLTest() {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
}
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
}
#end if