By default, Android SDK delegates SSL certificates checking to the system level while establishing secure Websocket connestion to a server. On the system level, in its turn, server certificate is compared with system certificate storage content.
In this case, if the server uses self-signed certificate (for debugging purposes), this certificate will not pass the checking. Use the following ways to bypass this depending on Android SDK build.
Not recommended: Trust all the certificates
Since build 184.108.40.206 the session option SessionOptions.trustAllCertificates is added, false by default. To accept any certificates including self-signed ones,tis option should be set to true
Today, Google Play security requirements does not allow to publish an application with such code. Use the recommended way.
Recommended: Add self-signed certificate to application resources
Since Android SDK build 220.127.116.11 X509TrustManager class implementation is removed fromAndroid SDK code. For testing purposes, self-signed certificate must be added to application resources. Also, the configuration file
network_security_config.xml containing certificate file description must be added: