Does the Web View on Android Support Ssl

Does the Web View on Android support SSL?

Not an expert, just what i could find on the web.
from what I understand, the WebView does indeed support ssl, however, the blank screen is an indication that the WebView does not believe that the certificate is valid. This may happen with a certificate that is self-signed or a from a root auth that is not set up in android (perfectly valid cert does not validate). In any case, if you are using froyo or better you can try something like:

import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.webkit.SslErrorHandler;
import android.net.http.SslError;

...

engine = (WebView) findViewById(R.id.my_webview);
engine.setWebViewClient(new WebViewClient() {

    @Override
    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed();
    }
});

Android WebView complains of untrusted certificate but it is trusted in all other browsers

Browsers, in general, handle certificates a little bit different to work around issues as the one you encountered. I'm not familiar with browsers internals to point what is exactly different but I suggest they hold a list of trusted Certificate Authorities (CA) that is updated regularly, more frequently than a list of trusted CAs stored on the device.

Received certificates can be trusted:

• by the Android OS;
• by the app (see below how). I guess this is the alternative option browsers use.

You will have to work around this issue by providing modified SSLContext. How to provide modified SSLContext can be found here.

This is not your case, but the issue can also arise when a certificate is self-signed. This is what I've encountered when developing applications and connecting to TLS enabled backend that uses a self-signed certificate.

Related Topics