I am performing HTTP Basic Authentication in my Android application. Recently, however, I have been having problems authenticating users due to the following change made on my server:

“…SSL certificates with a key length of 1,024 bits or fewer will be insufficient for security after December 31, 2010. In compliance with these guidelines, most SSL certificate vendors (including GeoTrust) have begun issuing these new 2048-bit keys.”

The recommendation was made to update my Java Runtime Environment. However, seeing as how my application is on the Android, I don’t believe that this would do anything. Therefore, my question is this:

How can I change the following code to use 2048-bit encryption? Is this possible? Does anyone have any recommendations? I’d greatly appreciate it. Thanks!

DefaultHttpClient client = new DefaultHttpClient();
client.getParams().setParameter("Content-type",
        "application/xml");
client.getCredentialsProvider().setCredentials(
        new AuthScope(Constants.SERVER_HOST,
                Constants.SERVER_PORT,
                Constants.SERVER_REALM),
        new UsernamePasswordCredentials(username.getText()
                .toString(), password.getText().toString()));

String getURL = Constants.SERVER_URL;
HttpGet get = new HttpGet(getURL);
responseGet = client.execute(get);

Stack trace errors:

javax.net.ssl.SSLException: Not trusted server certificate
Caused by: java.security.cert.CertificateException:
Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not     found.java.security.cert.CertPathValidatorException: