Home/ Questions/Q 8956461
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T14:47:29+00:00

I am using self signed certificates for development and testing purposes. I have investigated

  • 0

I am using self signed certificates for development and testing purposes. I have investigated various approaches to get android emulator to accept self signed certificates. Thus far I have found variations of the following approaches:

  1. Providing your own security classes that will accept any certificate.
  2. Create a keystore for your app that contains the self signed public key.
  3. Setting property socket.relaxsslcheck to yes.

The first 2 options are very involved and introduces into your code a dependency on your environment, e.g. dev, test or prod.

Option 3 I like because the environment configuration drives behaviour, not unlike a web container that will provide the configured datasource to apps running in the container. A development environment will point to a development datasource etc. Unfortunately I am struggling to get it to work. I have tried the following:

  • Using adb to set the property

    adb shell setprop socket.relaxsslcheck yes

  • Using System.setProperty

    System.setProperty("socket.relaxsslcheck","yes")

  • Tried to make change /system/build.prop and default.prop

The first option just gets ignored. From what I have read it seems setting the property will take effect after restarted. But the property seems to be volatile, it does not survive an emulator restart.

The System.setProperty(...) approach seems to be too late as the Factory has already been created. Because of above concern (dev environment specific code in code) I would prefer not to go this route, unless there is no alternative.

The last option is supposed to survive emulator restart, but I am unable to write to those files even after running adb root.

I am new to Android dev and would appreciated some guidance on what the best approach is and how to get it to work.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well, you have to exactly specify ‘yes’ with that option, i.e.:

    -prop socket.relaxsslcheck=yes

    The source code just compares the properties value against ‘yes’ (and does not bother to also test against equivalent values like ‘true’ or ‘1’ …)

    Using the ADT bundle I set that option via

    Run -> Debug Configurations... -> Android Application -> ProjectName -> Target
  -> Additional Emulator Command Line Options

    After a restart of the emulator SSLSocketCertificateFactory works at advertised, i.e. it accepts all certificates. One can verify that via looking at the logs:

    12-08 18:10:52.382: W/SSLCertificateSocketFactory(763): 
  *** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***

    I tested it with a self-created certificate – without that property set connecting fails with a certificate verification error, with that property set (or using SSLCertificateSocketFactory.getInsecure()) the TLS socket connects just fine.

    Btw, SSLSocketCertificateFactory seems to be tricky to use at times – for example I am struggling to get an actual instance from that very Factory – people posting workarounds that basically say: ignore that factory. Googling around some people even recommend against using that factory at all – but without giving much reasons.

    • 0