Create CA Root Certificate and generate Self-Signed SSL Certificates

Blog post - http://ajden.towfeek.se/post/become-your-own-root-certificate-authority-and-create-self-signed-ssl-certificates

android_main_xml

<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
              android:orientation="vertical"
              android:layout_width="fill_parent"
              android:layout_height="fill_parent"
        >
    <Button
            android:id="@+id/downloadButton"
            android:layout_width="fill_parent"
            android:layout_height="wrap_content"
            android:text="Get with DownloadManager"
            />
    <ImageView
            android:id="@+id/image"
            android:layout_width="fill_parent"
            android:layout_height="fill_parent"
            />
</LinearLayout>

android_mainactivity

public class MainActivity extends Activity {

    final String FILE_TO_DOWNLOAD = "https://kingen.se/iis-85.png";
    final String DOWNLOAD_ID = "PREF_DOWNLOAD_ID";

    SharedPreferences preferenceManager;
    DownloadManager downloadManager;
    ImageView image;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);

        preferenceManager = PreferenceManager.getDefaultSharedPreferences(this);
        downloadManager = (DownloadManager)getSystemService(DOWNLOAD_SERVICE);

        image = (ImageView)findViewById(R.id.image);

        Button downloadManagerButton = (Button)findViewById(R.id.downloadButton);
        downloadManagerButton.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                Uri downloadUri = Uri.parse(FILE_TO_DOWNLOAD);
                DownloadManager.Request request = new DownloadManager.Request(downloadUri);
                long downloadId = downloadManager.enqueue(request);

                SharedPreferences.Editor PrefEdit = preferenceManager.edit();
                PrefEdit.putLong(DOWNLOAD_ID, downloadId);
                PrefEdit.commit();
            }
        });
    }

    @Override
    protected void onResume() {
        super.onResume();

        IntentFilter intentFilter = new IntentFilter(DownloadManager.ACTION_DOWNLOAD_COMPLETE);
        registerReceiver(downloadReceiver, intentFilter);
    }

    @Override
    protected void onPause() {
        super.onPause();
        unregisterReceiver(downloadReceiver);
    }

    private BroadcastReceiver downloadReceiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            DownloadManager.Query query = new DownloadManager.Query();
            query.setFilterById(preferenceManager.getLong(DOWNLOAD_ID, 0));
            Cursor c = downloadManager.query(query);
            if (c.moveToFirst()) {
                int statusIndex = c.getColumnIndex(DownloadManager.COLUMN_STATUS);
                int status = c.getInt(statusIndex);
                if (status == DownloadManager.STATUS_SUCCESSFUL) {
                    ParcelFileDescriptor file;
                    long downloadID = preferenceManager.getLong(DOWNLOAD_ID, 0);
                    try {
                        file = downloadManager.openDownloadedFile(downloadID);
                        FileInputStream fileInputStream = new ParcelFileDescriptor.AutoCloseInputStream(file);
                        Bitmap bm = BitmapFactory.decodeStream(fileInputStream);
                        image.setImageBitmap(bm);
                    } catch (FileNotFoundException e) {
                        e.printStackTrace();
                    }
                }
            }

            c.close();
        }
    };
}

create_dirs

mkdir /etc/ssl/{CA,certs,crl,newcerts,private}

create_index

echo "01" > /etc/ssl/CA/serial
touch /etc/ssl/CA/index.txt

csr

openssl req -new -key server.key.secure -out server.csr

csr_privkey

openssl genrsa -des3 -out server.key.secure 4096

gen_ssl

openssl ca -in server.csr

generate_root

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

move_ca

mv cakey.pem /etc/ssl/private
mv cacert.pem /etc/ssl/certs

openssl.cnf

[ CA_default ]
 
dir		= /etc/ssl		# Where everything is kept
certs		= $dir/certs		# Where the issued certs are kept
crl_dir		= $dir/crl		# Where the issued crl are kept
database	= $dir/CA/index.txt	# database index file.
#unique_subject	= no			# Set to 'no' to allow creation of
					# several ctificates with same subject.
new_certs_dir	= $dir/newcerts		# default place for new certs.

certificate	= $dir/certs/cacert.pem 	# The CA certificate
serial		= $dir/CA/serial 		# The current serial number
crlnumber	= $dir/crlnumber	# the current crl number
					# must be commented out to leave a V1 CRL
crl		= $dir/crl.pem 		# The current CRL
private_key	= $dir/private/cakey.pem# The private key
RANDFILE	= $dir/private/.rand	# private random number file

pkcs12

openssl pkcs12 -export -in <pem-file-from-previous-step> -inkey server.key.secure -out cert.p12

stackoverflow

I've found a very easy solution for this:

request = new DownloadManager.Request(sourceUrl.replace("https://", "http://"))

Surprisingly worked for all https URLs that I tried. I'm not sure about the https security, but there is no exception and file gets downloaded properly.

win_hosts

127.0.0.1       kingen.se
127.0.0.1       facebook.com