05-24-2011 12:27 AM
Hi all, I am trying to figure out if it's possible to port a small Android app for Blackberry. My app makes a http get request to .net web service which is configured to work on https with private server certificate. I created a 'private' keystore that contains the server certificate. Then android app could be built to use that keystore to trust the server. I know this is very device-specific and want to know if the similar things are possible on Blackberry. I spent some time to surf the web and found a few similar questions with no answer. Comments, sharing your experience will be appreciated.
05-24-2011 04:24 AM
05-24-2011 07:12 AM
Hi Simon, it will be better (for security reason) if the certificate can be contained in the app not in phone's key store so that the cert will be used only by the app. Will it be possible?
05-24-2011 07:17 AM
05-24-2011 05:18 PM
Simon, about your notion "certifcates are public per design", do you mean that is a Blackberry design? In Android, using OpenSsl and Keytool, I could create a Bouncy Castle keystore that contains the required server certificate, then the app could import the keystore as raw resourse and use it to verify hostname and do https which means that the certificate is used solely by the app. When I use a browser to visit some https site, it would ask "Untrusted...", if I choose to continue, the certificate would be installed into phone's keystore but this is less desirable for my case because the installed certificate can be used by any app on the phone. Can you please clarify?
05-25-2011 05:18 AM
05-25-2011 06:39 PM
Thanks Simon, you are correct. Server gives out its public key to client and uses its private key as part of TLS handshaking. My English may not have been clear enough. I used 'private' word to say that the certificate is contained in the keystore that belongs to the app only. I am not clear on this yet, would need to study further.
05-25-2011 06:50 PM
Have you tried using MIDP https connection i dont know if this is what you are looking for i hope it works for you