I've come across a dilemma that I think should be considered for a future release. My company maintains their own ESRI service and I have been hired to develop applications that utilize their maps. Enough back story, I switched my MapServer url to my company's and encountered a CertPathValidatorException. Researched it and found the problem to be a missing chain in our web server's certificate. Now Android's documentation offers a workaround which requires building a custom Trust Manager before establishing a connection. ESRI's documentation only offers advice if the certificate is self-signed. Has there been any talk about expanding UserCredentials or another method to integrate a custom Trust Manager?
Fortunately, the person maintaining the ESRI server was well receptive to my needs and is working on updating the certificate in the coming week.