I am developing an Android application which can connect to multiple Node servers. This connection needs to be secure, so I need certificates. But I can't pay for certificates. From my research, I will create certificates for each server and sign them with my own root certificate (I also need that). Then I will pin the root certificate into my Android application, so I can connect to multiple servers from one Android app. But I don't know how to create these certificates or how to pin it into the Android application.
A CA can generate a certificate bound to an IP, but it is not usual. I agree in this case it is more appropriate to use self-generated certificates. You need to:
1) Create the CA certificate and SSL certificate
Extracted from here. You will need openssl.
Create the CA certificate
openssl genrsa -out rootCA.key 2048
or, to protect the key with a passphrase (run one or the other, the second would overwrite the first): openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
This will start an interactive script which will ask you for various bits of information. You will get rootCA.pem.
Create one certificate for each device
openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256
You'll be asked various questions (Country, State/Province, etc.). In the second step, enter the IP or name of your device as the 'common name'. It is important that it matches the real name, because the browser or Android device will validate it.
2) Configure your Node.js server to use HTTPS. I don't have enough knowledge of Node.js to provide you a good explanation or a link, so use the official documentation. Maybe some reader could edit this and provide a link.
3) Add the public key and the chain of the certificate to the truststore of the Android application.
Extracted from here.
You will need to:
1) Get the public part of your CA certificate
2) Create a BKS keystore and import the certificate (only the root will be needed)
3) Use the keystore in your app. Create a custom Apache HTTP client which uses your keystore to configure the SSL connection.
The details are in the link, that is in the community wiki.
For Android Volley: Using Android Volley With Self-Signed SSL Certificate
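As an added example (not from the question or the answer above), this is a non-interactive shell version of step 1 that also puts each server's IP or DNS name into a Subject Alternative Name, which current Android versions and browsers require instead of matching on the common name alone, and then checks that the server certificate chains to the root the app will pin. The CA name, output directory and server names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: build a private root CA and per-server certificates with openssl,
# without interactive prompts. Placeholder names; requires openssl on PATH.
set -eu

OUT="${OUT:-./pki}"   # output directory (placeholder)

make_root_ca() {
  mkdir -p "$OUT"
  # Root key (add -aes256 to protect it with a passphrase) and self-signed root cert.
  # This rootCA.pem is the file to ship inside the Android app's truststore.
  openssl genrsa -out "$OUT/rootCA.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$OUT/rootCA.key" -sha256 -days 1024 \
    -subj "/CN=Example Private Root CA" -out "$OUT/rootCA.pem"
}

issue_device_cert() {
  name="$1"   # file name for this server, e.g. server1
  san="$2"    # how the app will address it, e.g. IP:192.168.1.10 or DNS:server1.lan
  openssl genrsa -out "$OUT/$name.key" 2048 2>/dev/null
  openssl req -new -key "$OUT/$name.key" -subj "/CN=$name" -out "$OUT/$name.csr"
  # Leaf-certificate extensions: not a CA, server authentication only, and the SAN
  # the client will compare against the host it connected to.
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\n' \
    > "$OUT/$name.ext"
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=%s\n' "$san" >> "$OUT/$name.ext"
  openssl x509 -req -in "$OUT/$name.csr" -CA "$OUT/rootCA.pem" -CAkey "$OUT/rootCA.key" \
    -CAcreateserial -days 500 -sha256 -extfile "$OUT/$name.ext" -out "$OUT/$name.crt"
}

verify_chain() {
  # The same check the pinned app performs at connect time: the server certificate
  # must be signed by (chain to) our root and nothing else.
  openssl verify -CAfile "$OUT/rootCA.pem" "$OUT/$1.crt" >/dev/null
}

# Usage: ./mkpki.sh server1 IP:192.168.1.10  (repeat issue_device_cert per server)
if [ $# -ge 2 ]; then
  make_root_ca
  issue_device_cert "$1" "$2"
  verify_chain "$1" && echo "$1.crt chains to rootCA.pem"
fi
```

Install only rootCA.pem in the app; the per-server .key files stay on their servers.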