1
votes

I'm developing a client app on Android which connects to my server that is on AWS behind a load balancer. I've created an SSL certificate on GoDaddy and added it to the load balancer.

Everything is going well in the browser; it recognizes the certificate. But when I try to call the APIs from Android I get this exception:

09-18 01:18:55.187: W/System.err(32585): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I've found some discussions that say to add the certificate to the app, but is there no way to fix it on the certificate/server side? Is it not an issue with the cert?


2 Answers

2
votes

I fixed it by creating a new .csr with the right Organizational Unit Name and Common Name

0
votes

I would say that the official Android docs will be your best friend in this situation. See here: http://developer.android.com/training/articles/security-ssl.html#UnknownCa

And this is what they say, which both solves the issue and is very smart at the same time:

In this case, the SSLHandshakeException occurs because you have a CA that isn't trusted by the system. It could be because you have a certificate from a new CA that isn't yet trusted by Android or your app is running on an older version without the CA. More often a CA is unknown because it isn't a public CA, but a private one issued by an organization such as a government, corporation, or education institution for their own use.

Fortunately, you can teach HttpsURLConnection to trust a specific set of CAs. The procedure can be a little convoluted, so below is an example that takes a specific CA from an InputStream, uses it to create a KeyStore, which is then used to create and initialize a TrustManager. A TrustManager is what the system uses to validate certificates from the server and—by creating one from a KeyStore with one or more CAs—those will be the only CAs trusted by that TrustManager.

Given the new TrustManager, the example initializes a new SSLContext which provides an SSLSocketFactory you can use to override the default SSLSocketFactory from HttpsURLConnection. This way the connection will use your CAs for certificate validation.
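The procedure the quoted documentation describes (CA from an InputStream, into a KeyStore, into a TrustManager, into an SSLContext, onto HttpsURLConnection) written out end to end, as an added example that is not part of the original answer or of the Android documentation. The class name, the `R.raw.my_ca` resource and the URL are assumptions made for the illustration; the CA file is assumed to be a PEM file containing one or more CA certificates:

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example: HTTPS client that trusts only the CA(s) bundled with the app. */
public final class PinnedCaClient {

    /**
     * Builds an SSLContext whose TrustManager accepts only chains that end in one of
     * the CA certificates read from caPem. Nothing from the system trust store is used.
     */
    public static SSLContext sslContextTrustingOnly(InputStream caPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas;
        try {
            // generateCertificates reads every certificate in a PEM bundle (or a single DER cert).
            cas = cf.generateCertificates(caPem);
        } finally {
            caPem.close();
        }
        if (cas.isEmpty()) {
            throw new IllegalArgumentException("no CA certificate found in input");
        }

        // Empty in-memory KeyStore holding just our CA(s), one alias per certificate.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        int i = 0;
        for (Certificate ca : cas) {
            keyStore.setCertificateEntry("ca" + i++, ca);
        }

        // TrustManager that validates server chains against that KeyStore only.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    /**
     * Performs a GET over HTTPS using the given SSLContext. The default HostnameVerifier is
     * kept on purpose: the TrustManager checks the chain, the verifier checks the host name.
     */
    public static String get(URL url, SSLContext context) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory());
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
            StringBuilder body = new StringBuilder();
            String line;
            while ((line = in.readLine()) != null) {
                body.append(line).append('\n');
            }
            return body.toString();
        } finally {
            conn.disconnect();
        }
    }

    // Usage from an Android component (run on a background thread, never on the UI thread).
    // R.raw.my_ca and the URL are assumed names for this illustration:
    //
    //   InputStream caPem = getResources().openRawResource(R.raw.my_ca);
    //   SSLContext ctx = PinnedCaClient.sslContextTrustingOnly(caPem);
    //   String json = PinnedCaClient.get(new URL("https://api.example.com/v1/ping"), ctx);
}
```

Two points worth keeping in mind when using this. First, the bundled CA replaces the system trust store for these connections, so it must be the CA that actually issued the chain the load balancer serves, and rotating that CA later means shipping an app update. Second, a browser that accepts the certificate while Android rejects it is also the classic symptom of a server that sends only the leaf certificate without its intermediate: browsers often fetch or cache intermediates, Android does not, so it is worth confirming that the load balancer is configured with the full chain before deciding that the CA itself is untrusted.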