How to create an SSL connection using an installed user certificate on Android


We are using user certificates for authentication from our mobile application to an F5 server. We have tested the process using a test certificate that we installed and created a keystore to use in creating our SSLContext object. For production we are using an MDM to dynamically create and install the user certificate onto an Android device. This, I believe, is placing the certificate into the /data/misc/keystore location. The problem we are facing is that we cannot access this user certificate and create an SSLContext with it.

In our testing we have verified that the certificate is on the device by installing Open VPN for Android. The certificate shows up under Android Certificates in Open VPN but requires the user to select it (this is not an option for our application, we need to grab the certificate programmatically).

Everything we have found either deals with CA certs (which we can access), or having the .cer or .pfx file and installing and creating the keystore like we were doing with our test certificate.

Is there a way to access user installed certificates to use in creating an SSLContext?

Our Android version is 4.1.2 (API 16).

We are new to Android development and any guidance would be appreciated.

Thanks,

Mike



How about using something like:

// SSLConnections is a helper the answer assumes (load a keystore file,
// build an SSLContext from it); it is not an Android platform class.
SSLContext sslContext
    = SSLConnections.getSSLContext(keyStoreFile, keyStoreFilePassword);
httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());

Also you can take a look at this link
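For reference, this is what a helper like the getSSLContext(...) call above has to do. It is an added example, not the answerer's code: it loads a PKCS#12 file (the .pfx the question mentions) into a KeyStore, wraps it in a KeyManagerFactory and initialises an SSLContext that presents the client certificate. The file path, password and URL are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/** Added example: SSLContext from a PKCS#12 file on local storage. */
public final class FileKeyStoreSsl {

    /**
     * Builds an SSLContext whose KeyManager offers the key and certificate
     * chain found in the PKCS#12 file. Server trust stays at the platform
     * default (null TrustManager array).
     */
    public static SSLContext fromPkcs12(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);          // same password unlocks the private key below
        } finally {
            in.close();
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    /** Opens one HTTPS request with the context and returns the status code. */
    public static int probe(SSLContext ctx, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    // Usage (placeholders): path and password are assumptions, not values from the page.
    // SSLContext ctx = fromPkcs12("/data/data/com.example.app/files/client.p12", "changeit".toCharArray());
    // int status = probe(ctx, "https://f5.example.com/");
}
```

Note the trade-off: with this approach the private key sits in a file the app can read and export, and the password has to live somewhere the app can reach. The KeyChain route in the other answer keeps the key inside the system keystore and only lends it to the app for signing, which is the stronger option once the MDM has installed it.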


In order to access user credentials stored in the device keystore, you need to get permission from the user. Specifically, you need to call one of the KeyChain.choosePrivateKeyAlias() overloads (see the KeyChain documentation). Once you have the alias (you'll get it in the KeyChainAliasCallback), you can use (from an Activity or Service):

// Both calls block on an IPC round-trip and must not run on the main thread;
// they return null if the alias was not granted to this app.
PrivateKey key = KeyChain.getPrivateKey(this, alias);
X509Certificate[] chain = KeyChain.getCertificateChain(this, alias);
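Putting the answer's two steps together, as an added example that is not the answerer's code: prompt for the alias with KeyChain.choosePrivateKeyAlias(), fetch the key and chain on a background thread, wrap them in an X509KeyManager and hand that to an SSLContext for HttpsURLConnection. The host, port, URL and the "RSA" key type are assumptions about the F5 endpoint, not values from the page.

```java
import android.app.Activity;
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import java.net.Socket;
import java.net.URL;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;

/** Added example: TLS client authentication with a KeyChain-installed credential. */
public final class KeyChainClientAuth {

    /** Hands the TLS stack the KeyChain-backed key for exactly one alias. */
    static final class KeyChainKeyManager implements X509KeyManager {
        private final String alias;
        private final PrivateKey key;          // opaque handle; getEncoded() yields nothing
        private final X509Certificate[] chain;

        KeyChainKeyManager(String alias, PrivateKey key, X509Certificate[] chain) {
            this.alias = alias; this.key = key; this.chain = chain;
        }
        @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) { return alias; }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
        @Override public X509Certificate[] getCertificateChain(String a) { return alias.equals(a) ? chain : null; }
        @Override public PrivateKey getPrivateKey(String a) { return alias.equals(a) ? key : null; }
        // Client side only: this app never terminates TLS as a server.
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
    }

    /** Step 1 (UI thread): ask the user to grant this app one alias. The grant persists. */
    public static void requestAlias(Activity activity, String host, int port, KeyChainAliasCallback cb) {
        KeyChain.choosePrivateKeyAlias(activity, cb,
                new String[] { "RSA" }, // key types the server accepts (assumption)
                null,                   // no issuer filter
                host, port,             // shown to the user in the chooser
                null);                  // no pre-selected alias
    }

    /** Step 2 (background thread): build an SSLContext around the granted alias. */
    public static SSLContext buildContext(Context ctx, String alias) throws Exception {
        PrivateKey key = KeyChain.getPrivateKey(ctx, alias);             // throws on main thread
        X509Certificate[] chain = KeyChain.getCertificateChain(ctx, alias);
        if (key == null || chain == null) {
            throw new IllegalStateException("alias not granted or removed: " + alias);
        }
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(new KeyManager[] { new KeyChainKeyManager(alias, key, chain) }, null, null);
        return ssl;
    }

    /** Step 3: one request over the context; returns the HTTP status code. */
    public static int probe(SSLContext ssl, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ssl.getSocketFactory());
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    /** Glue: callback from the chooser, then the blocking work off the main thread. */
    public static void connect(final Activity activity, final String host, final int port) {
        requestAlias(activity, host, port, new KeyChainAliasCallback() {
            @Override public void alias(final String alias) {
                if (alias == null) return;      // user cancelled the chooser
                new Thread(new Runnable() {
                    @Override public void run() {
                        try {
                            SSLContext ssl = buildContext(activity, alias);
                            int status = probe(ssl, "https://" + host + ":" + port + "/");
                            android.util.Log.i("KeyChainClientAuth", "status " + status);
                        } catch (Exception e) {
                            android.util.Log.e("KeyChainClientAuth", "client auth failed", e);
                        }
                    }
                }).start();
            }
        });
    }
}
```

Two caveats for the questioner's API 16 target. The chooser prompt is shown once per alias and the grant is remembered, but it cannot be skipped on that version; the device-owner hook that selects an alias silently, DeviceAdminReceiver.onChoosePrivateKeyAlias(), only arrived in API 23. And the PrivateKey returned by KeyChain is a handle into the system keystore, so use it through the SSLContext as above rather than trying to copy it into a file-based KeyStore.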