android logo with wrench

A new Android networking library named Volley was introduced this year at Google I/O. According to Ficus Kirkpatrick, one of the creators, it should provide a performance boost, give customization options, offer request tracing and more. We recently converted most of our networking stack to Volley, though we still use Loopj for making POST requests as we found some limitations with Volley.

We use self-signed certificates during development and thus needed to work that out with each library. Here’s how to make that work in both libraries.


The first step is to grab the self-signed certificate from the server which you’d like to make requests against and copy it to your local development environment. Easy enough, just use something like scp to copy it down.

Once you have the server’s self-signed certificate locally, convert it to BKS format. Assuming your certificate is in CRT format, you can use this command:

keytool -importcert -v -trustcacerts -file "server.crt" -alias imeto_alias 
-keystore "server.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider 
-providerpath "bcprov-jdk16-146.jar" -storetype BKS

When you run this command you will be prompted for a password. Remember whatever password you enter as you will need to modify strings.xml to include it.

The next step is to copy your certificate to your resources directory in your Android project: /res/raw. Once the certificate is in your project locally, modify your strings.xml file to include the password you were prompted for.

<string name="store_pass">your password here</string>

Next, create a custom socket factory class which uses your self-signed certificate in /res/raw (or wherever you placed it). Below is an example.

The last step to get Loopj requests to work is to instantiate an Async client and use your custom SSL factory.


This will cover any Loopj requests, but what about Volley? There are several stack overflow threads describing how to effectively ignore certificates which seems to work with Volley. Ignoring SSL certificates is very dangerous so be careful about making sure this code does not run in production. Below is an example of class that will create an X509TrustManager that will accept all certificates