Android Ideas

  • 5 May 2017
  • 2 replies

Userlevel 1
Badge +8
My Android app, in the google play market here, hasn't been updated in a while. This is because Google made a change to policy regarding how SSL certificates are handled in native java on the platform.

The Nutanix API is only available via https, which makes sense. That said, most people don't install custom certificates in their clusters, and simply accept the built in certificate and store the exception. Those certificates will generally mismatch on the hostname if you are using the API from outside the local network. I'm not aware of a way to ask the user to accept the risk and then store the certificate like we do in a browser.

So, to work around this in the past, I would ignore the hostname field in SSL certs, something like this:
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { Override public boolean verify(String hostname, SSLSession session) { return true; } });

Google won't let any updates be published that include this "Unsecure HostnameVerifier". If a user has to install a valid trusted certificate, or import certs into their phone, or anything like that, then nobody will use the app. Does anybody know of a way to work around this issue?

2 replies

Userlevel 1
Badge +8
Yup, my app works with both CE and Commercial versions. Its also been well tested against both AHV and VMware.

One of the driving reasons for want to update the app is to incorporate some of the new V2 stuff, particularly basic cross hypervisor guest management.

I've cross posted into the CE forums, thanks for the suggestion!
Userlevel 7
Badge +35

I'll ping a few of our folks to see if there is something we can do. Nice to see it's got 5 star rating - great work! Does this work with CE, might want to share with the folks in the CE forums.