There is a REST web service deployed on a server with an SSL certificate installed, on the one hand.

There is an Android application that works with this service, on the other hand.

To access the web service, you must first go through the authentication procedure and give it a login and password.

Questions:

  1. How to transfer your data to the server encrypted via secure SSL, and not just in the body of the HTTP request ??
  2. Is it enough to send a request to the web service via HTTPS so that it is encrypted and transmitted in encrypted form ??
  3. When entering a secured SSL certificate site through a browser, the browser is responsible for providing a client certificate or verifying the server certificate. How does this procedure occur when accessing a secure web service from a custom Android application (not a browser) ??
  4. How many articles about SSL have I re-read, I still can’t understand how the SSL request is sent. Explain to your fingers confused how and in what form an HTTP request is sent over SSL in an Android application ??
  • Or, in other words, "what is HTTPS and why is it enough?" - D-side
  • @ D-side In other words: "SSL principle." How from an Android application to establish a secure connection to a REST web service ?? - GHosT

0