I'm starting an app on openshift. I've purchased comodo positive ssl from namecheap and followed the instructions to install on openshift. It works fine on desktop browsers but i get the following "not trusted" error on android browsers. I have not tried IOS.
i uploaded following files to openshift:
stylistcity_com.crt
server.key
Other files i have that were not used include:
server.csr
server.pass.key
AddTrustExternalCARoot.crt
PositiveSSLCA2.crt
Any help would be appreciated.
Thanks to #stenwt from the openshift irc channel, It finally work. Here is what i did.
cat mycert.crt cacert.ca > myapp.pem; rhc alias update-cert appname www.domain.com --certificate myapp.pem --private-key myapp.key --passphrase 'mypass'
You have to add the intermediate certificate(s) (the other *.crt) too, because otherwise the browser is not able to verify the certificate chain up to the builtin trusted CA. The only reason that the verification with the desktop browsers succeed is because you already visited sites which use the same intermediate certificates and the browser cached them. If you would use a fresh browser setup (or a new profile with firefox) verification would there fail too.
Had a bit of trouble with the method that worked for OP. For PositiveSSL, on OpenShift, this worked for me:
cat mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
rhc alias update-cert myappname www.mydomain.com --certificate ssl-bundle.crt --private-key mydomain_com.key --passphrase 'mypassphrase'
Replace mydomain_com.crt with your main domain cert from Comodo
Replace myappname with your OpenShift app name
Replace www.mydomain.com with your domain alias (the one on OpenShift for your app)
Replace mydomain_com.key with the filename for your private key
Replace mypassphrase with your SSL passphrase
I've opened certificate.ca.crt and certificate.crt, with conTEXT editor,
I copied the contents of certificate.crt and have pasted to the principle of certificate.ca.crt and have saved as certificate.pem, after I've uploaded to OpenShift web console, in SSL certificate *, the first box. Fixed !!
Related
private void handleSignInResult(Task<GoogleSignInAccount> completedTask) {
try {
GoogleSignInAccount account = completedTask.getResult(ApiException.class); //exception is here
// Signed in successfully, show authenticated UI.
System.out.println("google token ---> " + account.getIdToken());
} catch (ApiException e) {
// The ApiException status code indicates the detailed failure reason.
// Please refer to the GoogleSignInStatusCodes class reference for more information about this error.
e.printStackTrace();
}
}
Quoting the documentation:
Certain Google Play services (such as Google Sign-in and App Invites)
require you to provide the SHA-1 of your signing certificate so we can
create an OAuth2 client and API key for your app.
If you are using Firebase and try on the debug app :
1. First, get your SHA-1 debug key :
Click on Gradle (From Right Side Panel, you will see Gradle Bar)
Click on Tasks
Click on Android
Double Click on signingReport (You will get SHA-1 and MD5)
2. Add your key to your Firebase project :
Go to Project settings -> SHA certificate fingerprints -> Add SHA-1 key of debug app.
Then you can update your google-services.json file in your Android project.
Its works for me.
This status code means that you are providing unknown server client id.
In https://console.developers.google.com/apis/credentials in your project you might need to generate: OAuth client ID -> Web Application and use this web application client id here:
val gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(webApplicationClientId)
.requestEmail()
.build()
I have solved this problem using these steps:
1). Goto https://console.developers.google.com/ and delete (Android Client) if it is created.
2). Click on Create Credential and click on OAuthClientID and select android
3). copy and paste your SHA 1 fingerprint
4). type your package name then saved
5). Goto console.firebase.com
6). download google-service.json move it into your project into app directory
7). Open google-service.json and find out client id type 3 and use it as default_web_client_id
8). Run your App
I have this thing in 2-3% of the occasions in production and it works seamlessly for everyone else.
Given the sheer amount of problems and differing answers this is causing, it's fair to say that this is a problem on behalf of firebase. They've implemented a catch-all error routine that is just bad api design. The api must point to the problem where it fails.
A long term solution is to convince firebase that this is bad-api design and they need to do better.
We're strong together.
Please write a support ticket to firebase roughly with this:
Hey Firebase Support,
i have a com.google.android.gms.common.api.ApiException: 10 in my app.
The problem for me - and for a lot of people all over the forums - is
that your api seems to have a catch-all error routine that roughly
speaking is saying "something went wrong, please fix it".
You could release your support team and a lot of people from headache
if you would fix this.
The API should be able to figure what's wrong and give a better error
message from the context where it occurs.
It's really a burden and I think that since firebase has a
quasi-monopoly on these matter on Android it's your obligation to do
better.
While this is obviously not your fault, I'd like to encourage you to
escalate this problem.
It's fundamentally bad api design and harms an otherwise great
product.
Thanks anyway.
My problem was trying to use Google Sign-In yet I had accidentally enter the wrong SHA1 in Firebase. Try running Gradle > Your app name > Tasks > android > signingReport, get your SHA1 key and compare it with the one on Firebase. If they are different, change the Firebase SHA1 key to match the one you got from the signingReport. Don't forget to also download the google-services.json afterwards.
The ApiException Error Code 10 is a developer error. You get this error when your firebase app is not well configured. One sure case is when you do not supply the SHA1 fingerprint for your android app when you want to use Firebase authentication with Google Signin. (It is a requirement for Google Signin).
So supply the SHA1 fingerprint, download the google-services.json configuration file to your app folder and build. You should be good to go.
Google sign-in is automatically configured on your connected iOS and web apps. To set up Google sign-in for your Android apps, you need to add the SHA1 fingerprint for each app on your Project Settings.
Check this out Common Status Error Codes
In my case the problem was with the SHA1 and google-services.json file
i solved the problem follow this steps:
1.- Open https://console.cloud.google.com/apis/credentials and delete file at OAuth 2.0 Client IDs
2.- Open https://console.firebase.google.com/ clic gear icon -> Proyect Settings -> Select your Android App -> add fingerprint -> save -> and download google-services.json file
3.- Open your android proyect and replace de google-services.json file -> clic Sync Proyect with Gradle Files
4.- The new default_web_client_id at values works fine for me and solved the problem
that is because you are using the wrong default_client_token_id.
to solve this go to the JSON file downloaded from firebase and open it:
your client_id is located right after the
"certificate_hash":xxxxxxzxzxzzzxzxzxzxzxzx....
good luck :) and I hope it helped.
Don`t forget to add
<application
...
<meta-data
android:name="com.google.android.gms.wallet.api.enabled"
android:value="true" />
...
</application>
under your manifest file application tag.
In my case problem was because of absent this lines.
ApiException 10 is a DEVELOPER_ERROR, which means something's wrong with your app configuration.
This answer worked for me, but then I realized our app authenticates with a backend server. So, if your app authenticates with a backend server, you only need to use the web application client ID. But you still need to create client ID of Android type or you're going to get ApiException 12500 . You can read more about it from the documentation. (note that the link has authuser=0)
If you remove this line it will work:
System.out.println("google token ---> " + account.getIdToken());
This is because you don't have the request to the idToken:
.requestIdToken(getString(R.string.google_app_id))
where the app_id will have the value of "OAuth client ID -> Web Application"
When you are doing setup of google login, it normally take Signed keystore hash key. So try with signed APK then it will work. For debugging try to add your debug SHA key on google console.
I guess the question is answered. But for me it was a little different. So
if some googlers come along this and may have the same problem as I had:
Special Case
multiple firebase projects
client ids whitelisted
installed app through app sharing can't sign up with google
In case anybody is using multiple firebase projects for one application (i.e. for different flavors) and has whitelisted the "external" client ID in Google-Authentication in one project.
Then the solution is, to generate new credentials in the Google APIs console of the "master" / whitelisted project with the sha-1 (found in app sharing) of the other project.
Add new credentials to API Console
Go to Google APIs of whitelisted project
Create new OAuth Client ID
Add everything needed, also package name of other project
Paste the SHA-1 hash from App Sharing of other project
Done
Sorry for my bad english. It's not my mother tongue.
This Error because of Wrong Client Id
GoogleSignInOptions googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.default_web_client_id))
.requestEmail()
.build();
You must pass your server's client ID to the requestIdToken method.
client Id can be found eaisly in google-services.json file
{
"client_id": "",
"client_type": 3
}
No need to go to Credentials page in the GCP Console.
Please to follow instructions from
https://firebase.google.com/docs/auth/android/google-signin
If you came here because of an error with the Google Login iOS & Android Unity library, this is what helped for me.
I changed the Google project and kept getting ApiException: 10. I later found out that it was because you need to use a web client, not an Android one.
If you want to check if you have a web client or an Android one, open the client_secret_(some text).apps.googleusercontent.com.json file - if it starts with {"web" it's a web client.
Step by step instructions for replacing the client:
Remove the client_secret_(some text).apps.googleusercontent.com.json file from your Unity project. If you have a plist file (for iOS) too, don't remove it.
Go here, click "Configure a project" and configure an Android client.
Go to the Google Cloud Credentials page (select your project if necessary), download the auto-generated web client and place it in your project.
Click Assets > External Dependency Manager > Android Resolver > Force Resolve.
Change the client ID passed to LCGoogleLoginBridge.InitWithClientID in the script where you call this function.
Build and see if the issue has been resolved.
val gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(OAUTH_2_CLIENT_ID)
.requestEmail()
.build()
val mGoogleSignInClient = GoogleSignIn.getClient(this, gso)
val signInIntent = mGoogleSignInClient.signInIntent
startActivityForResult(signInIntent, GOOGLE_LOGIN)
OAUTH_2_CLIENT_ID is Web client (auto created by Google Service). Not Android
If you don't use your own backend server you don't need to provide OAuth 2.0 client id (as it said here). Of course check that you provided correct SHA-1 code, but remember that you are providing the release variant SHA-1 key, so this error might appear when you are trying to use Google SignIn with debug app variant. So you have 2 options:
Build and run release APK
Add your debug SHA-1 key to the Firebase console and then you'll be able to run your debug APK without this exception
Possible solve:
If you once renamed project's package check that package name in AndroidManifest.xml and applicationId in app gradle file are the same.
It helped me when I named applicationId like my application package
From my experience it is a problem with SHA1. Solution which worked for me:
Delete OAuth listings if you have created any (probably optional)
Launch this command in your project terminal keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android and copy SHA1 fingerprint.
Go to Firebase console, click gear on your project and delete old fingerprint's. Replace them with the one you copied during step 2
Download new google-services.json file and replace the old one
Sync project with Gradle files.
Should be working :)
I was facing the same issue. I was using SHA-1 credentials. But the problem was that I was directly installing the app to the testing device by using the Run button of Android Studio. In this way, I hadn't defined the debug keystore in Android Studio with which I had created the SHA-1 fingerprint.
To set the debugKeyStore Where is debug.keystore in Android Studio
In my case, it resolved by reconnect my Android Studio to Firebase.
I was getting the same error but I obtained the web client token from Google Cloud Console and placed it right where the GoogleSignInOptions is declared. Replace the
.requestIdToken("getString(R.string.default_web_client_id)")
with the web client ID for your particular Google Cloud project.
I were using this command from documentation ...
keytool -exportcert -keystore ~/.android/debug.keystore -list -v
i just change it to
keytool -exportcert -keystore ./.android/debug.keystore -list -v
and using SHA-1 and copy it into firebase android section.
it just wokrs fine.
For me the mistake was simple. I had initialized google signin options outside the oncreate callback.
If using Google Internal Sharing for testing, make sure to add also the SHA string of your internal sharing (Setup - Internal App sharing in Google Play Console)
I solve this problem by redo my Firebase Auth connection again.
Click the right top little square to login to your google account
Go to the Tool - > Firebase
Select the Authentication
Connect
After that it may say you are already connect, but you need to update the connection. After that it works fine. I think sometime Android Studio mixed up with different Firebase account.
I can add my projects to one github account but with another account i can't. I have followed this website for GitHub and worked fine: https://www.londonappdeveloper.com/how-to-use-git-hub-with-android-studio/#comment-32683
Steps are: 1. create a new git repo. 2. from android studio- VCS> Import into version control> create git repo. 3. In windows root directory of project open bash command and type > git remote add origin https://github.com/xxx/myProject.git 4. then back to android studio and a)project>Git>add b)project>Git>Commit c) project>Git>repository>push
these steps worked fine and I get a successful message using one github account. But with another account i cant do it, i get the erro:
Failed with error: fatal: unable to access 'https://github.com/Rashedul/myProject.git/': The requested URL returned error: 403
Why is this happening and how to solve it?
First you should set username and password to access the URL and to login , set Authentication first.
git remote set-url origin https://yourusername#github.com/user/repo.git
Then you'll be asked for a password when trying to git push
This is on the http authentication format. You could set a password also:
https://youruser:password#github.com/user/repo.git
You should be aware that if you do this, your github password will be stored in plaintext in your .git directory, which is obviously undesirable.
I had just about started implementing support for App Links into my app, when I bumped into this unusual issue.
Following the steps in the Android Studio app links tool, I was quickly able to make the necessary changes. However, when I came to the step of verifying the Digital Asset Link files' association with my website, I got an error.
Initially, I thought there might be some error accessing the link. I tried accessing the link using multiple browsers, and there was no error.
When I looked around for anyone facing a similar issue, I came across this post. The site I was trying to associate with was also using a LetsEncrypt generated SSL cert. So, I tried another site I had that used LetsEncrypt SSL — same result. Then I used a site which used RapidSSL generated SSL, and bingo - it worked!
I'm not sure whether the App Links team has taken notice of this. But can anyone help get an answer on this?
Thanks!
I have got the same issues of SSL certificate is not verified.
This is because of the server where you host over there u have to verify SSL certificate
So the file is generate name assertlinks.json
This file you have to place over your server domain by creating folder .well-known/ inside this json file
https://sub.subdomain.example.com/.well-known/assetlinks.json
in mainfiest I have this code
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="www.example.com"
android:path="/aboutus"
android:scheme="http" />
</intent-filter>
Follow this steps to get it working my deep linking is working
https://developer.android.com/studio/write/app-link-indexing.html
Somewhat older already, but hopefully still relevant. I came across the same issue today and figured out that the problem is with the .well-known folder. Depending on how you set up the Let's Encrypt SSL certificate, it is very likely you have an alias now on your server that points .well-known to the folder /var/www/html/.well-known on your server. That's also where you will have to place you assetlinks.json file. Copying the file there fixed the issue for me.
Note however, this may well pose problems down the road if you have multiple domains on your server and if you have the need to link apps to different domains. I do not know if you can have different assetlinks.json files in this set up.
Say, if you are running flask server in production with nginx and gunicorn, then this assetlinks.json file will not be serve by your flask app or gunicorn software. This file must have to be served by nginx.
For this you have to make following change in your nginx configuration file:
location /.well-known {
default_type "text/plain";
alias /home/user/project/app/.well-known;
}
You will make change here:
server {
server_name www.example.com example.com;
location /static {
alias /home/user/project/app/static;
}
#################EDITED PORTION START################
location /.well-known {
default_type "text/plain";
alias /home/user/project/app/.well-known;
}
#################EDITED PORTION END################
location / {
proxy_pass http://localhost:8000;
include /etc/nginx/proxy_params;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate
/etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key
/etc/letsencrypt/live/example.com.bd/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I have this problem too when I use Android Studio 2.3.
One of Let's encrypt Certificate root CA is "DST Root CA X3", So you can check if your root CA for Let's encrypt is it.
When I use wireshark capture the ssl packets, It shows that "Certificate unknown". So I think Android Stuido 2.3 not include "DST Root CA X3" in it root CA list.
So, you'd better try another certificate that published by other root CA.
I am trying to integrate a Google plus Login in my application as per the instruction provided by following link :
https://developers.google.com/+/quickstart/android#install-sdk
I am following all the instructions perfectly. And when I run the sample application on a real device provided in the android-sdk and click the signin button, it display a Toast message that An internal error occurred
What am I doing wrong?
I have this problem and even after creating 10 different client IDs with different SHA and package name, it doesn't work... until I found out that you have to fill the Consent screen.
According to GoogleDevelopers Console -
The consent screen will be shown to users whenever you request access
to their private data using your client ID.
This can happen when you haven't set the signature for the client ID in your API console project, or if you copied the wrong key value from keytool. Doing so is documented in the steps of the quick start guide on steps 7, 8, 9, and 10.
I've solved problem by removing .setScopes("PLUS_LOGIN") in the PlusClient.Builder.
I got this toast message error in my android application:
An internal error occurred
Summary:
Assuming you made a mistake configuring the negotiation between your android app and the Android API server granting you access. Most likely caused by you not adding the correct package name or correct SHA1 fingerprint. I followed these steps to blow out the wrong configuration and do it right.
Steps to fix:
Go to your google api console and login: https://code.google.com/apis/console
Click "API Access" tab.
Click the button: "Create another client ID".
Choose: "Installed Application" radio button.
Choose: "Android" radio button.
Enter the package name of the android app that is displaying the above error. You can find it defined at the top of the PlusSampleActivity.java code file. For me it is com.google.android.gms.samples.plus
Acquire your SHA1 fingerprint value:
a. Use the command keytool -list -v -keystore /home/el/.android/debug.keystore. Enter password, If you never set it, the default password is 'android'.
b. The SHA1 fingerprint is shown on screen, copy that.
Paste the above value into the "Signing certificate fingerprint (SHA1):" box.
Click the button: "Create client ID".
Run your android application again, click "Sign in".
Now you are presented with an Activity to "Sign in to Google+ SDK with Google".
In my case, the solution was to actually set an email address in the Consent Screen.
First, I was a bit reluctant to select my personal address and for an strange reason you can save the form without this piece of data with no error. After checking what others have suggested, as soon as I set my email address in that form, it started working.
I have been searching how to fix this for a day with full of research without luck finally i managed
to resolve this issue with the following approach.
Before i begin resolving this (at least how ti worked for me) i have to say that everything on the
documentation is correct and you don't have to change any lines of code or so.
It looks like more of a bug in the https://cloud.google.com/console cloud console
First ensure you got the correct SHA1 and your project's package name as described in the docs
https://developers.google.com/+/quickstart/android
Now this bug as i noticed (at least for me) was that in my cloud console, the project i have created
was long ago with the old interface and few months ago i migrated to the new GUI.Once you get the new look on cloud console you will notice that new projects have an auto generated project id
like this atlantean-ares-331 while old projects got a long integer value as project id which is not visible. So if your project was created with the old GUI and you have just created new client id for OAuth for that project you will get the Toast "An internal error occurred” while trying to sign in with google.
How to Fix
Go to your cloud console
Make a new project i would suggest a name like
oldprojectname-gplus
In APIs section enable Google+ API
Ensure that none of your projects has the same package name on
OAuth Client ID with the one you will use now otherwise you will get Error This client ID is globally unique and is already in use.(you will have to delete the old OAuth client id with the same package name you will use now).
Go to Credentials Create New Client ID for OAuth.
Installed application
Android
Enter your project's package name and your SHA1
Done
My solution to the problem was following.
I did everything others recommended and there was no typo regarding the package name and SHA1 key. I also tried removing the key and then adding it again but it didn't help.
What did help is removing the key and creating a new project (at https://code.google.com/apis/console) and then creating the Client ID (with package+sha1) again there. After that (5 secs) everything worked on my Android device.
This problem is related to the permissions from the api console.
if you are using a permission related with SCOPE_PLUS_LOGIN, in the api console you must create two keys, one for OAuth client id, and other for public api key.
In my case the problem was that I changed the package name of the app and didn't update in dev console.
For me it was that i was attempting to use my production key when installing it using my debug key. Make sure your using the right SHA1 from the right keystore.
I turned around to the Google IO 2013, and changed the initialization of PlusClient, then it works.
public static final String AUTH_SCOPES[] = {
Scopes.PLUS_LOGIN,
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/developerssite" };
mPlusClient = new PlusClient.Builder(this, this, this)
.setScopes(AUTH_SCOPES)
.build();
Thanks Thano for the solution
"Now this bug as i noticed (at least for me) was that in my cloud console, the project i have created was long ago with the old interface and few months ago i migrated to the new GUI.Once you get the new look on cloud console you will notice that new projects have an auto generated project id like this atlantean-ares-331 while old projects got a long integer value as project id which is not visible. So if your project was created with the old GUI and you have just created new client id for OAuth for that project you will get the Toast "An internal error occurred” while trying to sign in with google."
Recreating the project in the Google Console worked for me after several other attempts:
For any reason my project did not have a project ID (old console/new console?).
As Thano (above) suggested, I created a brand new project, created Client IDs, ... and then in worked. Thanks for the advice!!
Remember to use the built-in debug keystore for testing. I had everything else working correctly, but I had set my production keystore SHA1 fingerprint in the Credentials in the Developers Console, which caused it not to work.
If your facing this error when you try to run the sample application "or" copy the project which you have created in other machine which was running successfully in that and giving such pop-up error in the other machine where you are trying to run ,you can follow the below method and it will help.
If your are building the app for testing/debug purpose then,
1.Generate the new SHA1 if you copy your project and run it on other machine for the package name and path provided for keystore.
2.Change the ClientId in developers console for new generated SHA1 and run it in the new machine where you have copied the project and trying to run it.
Something often overlooked is the package name. I'd like to clarify the step 6 by Eric Leschinski above (can't comment there): the required package is not the package of an activity, rather the package of your app's manifest.
You may retrieve the correct value from the root element of AndroidManifest.xml:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.ntk.darkmoor"
android:versionCode="1"
android:versionName="1.0" >
In this example define "com.ntk.darkmoor" while creating the Client ID
I had the same issue when I used SHA1 for debug.keystore for debuging then exported my application forgetting to generate SHA1 for keystore that I used to export my application.
Its working for me when i connect the device and install the apk from Android Studio.
But its now working for me when i generate the .apk and install it from dropbox.
I went through all the answers provided here and others as well. In my case the issue was the SHA-1 as well. The reason I was getting the incorrect SHA-1 was my keytool export cert command.
Previously I was using
C:\Users\mysuername\.android SHA 1 signature keytool -exportcert -alias androiddebugkey -keystore "keystorepath" -list -v
The problem was in the androiddebugkey variable. Here you have to give the name of the key you use for signing the application.
C:\Users\mysuername\.android SHA 1 signature keytool -exportcert -alias mykeyname -keystore "keystorepath" -list -v
Hope this helps someone!
To add to this long list of reasons my problem was that i got the debugkey from the jks file rather than the app.
Its always something small.
My .key file like:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1j6eGXbHpqigZ1K//wnuyr5v/L2jFm7dzTtHJx8ZoMQ4CbsG
My .pem file like:
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIDBOziMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
I don't know how many steps of authenticate at here. I only want to create a ssl socket to an IP and port, and send/receive data in that socket.
I tried to use keystock, but perhaps I don't understand deep about it, I always get wrong.
Please give me a guide, or sample code.
Thanks so much.
I assume that the .key and .pem file represents your client certificate you have to use for performing an HTTPS client authentication. Unfortunately Java/Android prefers a different format, therefore I recommend you to import both file into a BKS file.
Creating a BKS file and importing existing .key+.pem file is very simple using KeyStore Explorer. After starting KeyStore Explorer select File -> New Keystore -> BKSv1. Afterwards you can execute Tools -> Import Key Pair and select the .pem file. Afterwards KeyStore Explorer will ask you for selecting the .key file.
Finally save the key store protected with a password of your choice.
The created BKSv1 file can now be used in your Android app. See for example the code posted in this question: Using client/server certificates for two way authentication SSL socket on Android
When creating a SSL connection, you just need the socket to allow the connection with your server, enabling it as a trusted source. To do so, you need to have your SSL certificate in X509 format and then create your connection as stated in this article.
Here's a guide on generating X.509 certificates.