How and what server certificate to use with android SSL client certificate authentication

5
votes

I'm developing a network-enabled android application that uses SSL client certificates to authenticate and secure connections to my server.

I have two questions: (1) should I use a self-signed server certificate or a commercial one? And (2) should I include the server certificate inside the apk file that users install or should I have the application connect to my server to get the server certificate over the network (for the purpose of making the device trust the server cert)?

When I ask what I "should" do, I'm asking what are the benefits and disadvantages of each choice?

Right now I am using a self-signed certificate included with the apk file. When the user runs the app for the first time, it reads the included self-signed cert into the trust store so the device will connect to my server with no complaints. I suppose if I use a commercial cert then my question #2 might become moot, since the device may trust the cert from the server with no issues.

One more possibly-relevant detail: this application is not being distributed through the android market. Users will download the application from my server, so I can include whatever server certificate I want, including a different one for each user if I needed to.

I have my own ideas about the various advantages and drawbacks to each possible answer to my two questions, but I'm interested in what others--hopefully security minded--have to say on the matter.

Thanks in advance!

1
androidsslssl-certificate
+1 as I am faced with a similar issue. What direction did you end up going? - John Livermore
I've chosen self-signed cert for the following reasons: (1) the benefit of a commercial cert is browser recognition. My android app is my creation so I can include any root cert I want, thus using a commercial cert gets me no marginal advantage. On the other hand, (2) a commercial cert introduces a risk, since now not only am I vulnerable to attack against my security, but also the certification authority's. If the CA gets hacked, loses its private key or gets tricked into issuing a server cert with my domain name, I could suffer. Slim chance, but why take it? Last but not least (3) the money. - Adam Mackler

1 Answers

1
votes

I see no reason not to self-sign. I would have upped it a notch, though, and created my own certificate authority. This allows you to ensure that you will only connect to servers that has certificates that are signed by your custom CA, which is much better (i.e. actual crypto security) than a simple fingerprint check of the certificate on the server.

Here's an example of how to create a custom CA using Ruby's OpenSSL bindings. The procedure is the same in most languages. https://github.com/augustl/ruby-openssl-cheat-sheet/blob/master/certificate_authority.rb

You can of course also use a client certificate that has to be signed by your custom CA for your server to accept the request. Note that this will only be obscurity - an attacker will be able to extract the private key and custom CA signed cert from your app. If your app can make requests to the server, anyone can :)