Trust Anchor not found for Android SSL Connection

Question

I am trying to connect to an IIS6 box running a godaddy 256bit SSL cert, and I am getting the error :

java.security.cert.CertPathValidatorException: Trust an         


        

Answer 1

Replying to very old post. But maybe it will help some newbie and if non of the above works out.

Explanation: I know nobody wants explanation crap; rather the solution. But in one liner, you are trying to access a service from your local machine to a remote machine which does not trust your machine. You request need to gain the trust from remote server.

Solution: The following solution assumes that you have the following conditions met

1. Trying to access a remote api from your local machine.
2. You are building for Android app
3. Your remote server is under proxy filtration (you use proxy in your browser setting to access the remote api service, typically a staging or dev server)
4. You are testing on real device

Steps:

You need a .keystore extension file to signup your app. If you don't know how to create .keystore file; then follow along with the following section Create .keystore file or otherwise skip to next section Sign Apk File

Create .keystore file

Open Android Studio. Click top menu Build > Generate Signed APK. In the next window click the Create new... button. In the new window, please input in data in all fields. Remember the two Password field i recommend should have the same password; don't use different password; and also remember the save path at top most field Key store path:. After you input all the field click OK button.

Sign Apk File

Now you need to build a signed app with the .keystore file you just created. Follow these steps

1. Build > Clean Project, wait till it finish cleaning
2. Build > Generate Signed APK
3. Click Choose existing... button
4. Select the .keystore file we just created in the Create .keystore file section
5. Enter the same password you created while creating in Create .keystore file section. Use same password for Key store password and Key password fields. Also enter the alias
6. Click Next button
7. In the next screen; which might be different based on your settings in build.gradle files, you need to select Build Types and Flavors.
8. For the Build Types choose release from the dropdown

9. For Flavors however it will depends on your settings in build.gradle file. Choose staging from this field. I used the following settings in the build.gradle, you can use the same as mine, but make sure you change the applicationId to your package name

   productFlavors {
       staging {
           applicationId "com.yourapplication.package"
           manifestPlaceholders = [icon: "@drawable/ic_launcher"]
           buildConfigField "boolean", "CATALYST_DEBUG", "true"
           buildConfigField "boolean", "ALLOW_INVALID_CERTIFICATE", "true"
       }
       production {
           buildConfigField "boolean", "CATALYST_DEBUG", "false"
           buildConfigField "boolean", "ALLOW_INVALID_CERTIFICATE", "false"
       }
   }
   

10. Click the bottom two Signature Versions checkboxes and click Finish button.

Almost There:

All the hardwork is done, now the movement of truth. Inorder to access the Staging server backed-up by proxy, you need to make some setting in your real testing Android devices.

Proxy Setting in Android Device:

1. Click the Setting inside Android phone and then wi-fi
2. Long press on the connected wifi and select Modify network
3. Click the Advanced options if you can't see the Proxy Hostname field
4. In the Proxy Hostname enter the host IP or name you want to connect. A typical staging server will be named as stg.api.mygoodcompany.com
5. For the port enter the four digit port number for example 9502
6. Hit the Save button

One Last Stop:

Remember we generated the signed apk file in Sign APK File section. Now is the time to install that APK file.

1. Open a terminal and changed to the signed apk file folder
2. Connect your Android device to your machine
3. Remove any previous installed apk file from the Android device
4. Run adb install name of the apk file
5. If for some reason the above command return with adb command not found. Enter the full path as C:\Users\shah\AppData\Local\Android\sdk\platform-tools\adb.exe install name of the apk file

I hope the problem might be solved. If not please leave me a comments.

Salam!