Trust Anchor not found for Android SSL Connection
I am trying to connect to an IIS6 box running a godaddy 256bit SSL cert, and I am getting the error :
java.security.cert.CertPathValidatorException: Trust an
-
In my case this was happening after update to Android 8.0. The self-signed certificate Android was set to trust was using signature algorithm SHA1withRSA. Switching to a new cert, using signature algorithm SHA256withRSA fixed the problem.
讨论(0) -
The error message I was getting was similar but the reason was that the self signed certificate had expired. When the openssl client was attempted, it gave me the reason which was overlooked when I was checking the certificate dialog from firefox.
So in general, if the certificate is there in the keystore and its "VALID", this error will go off.
讨论(0) -
The solution of @Chrispix is dangerous! Trusting all certificates allows anybody to do a man in the middle attack! Just send ANY certificate to the client and it will accept it!
Add your certificate(s) to a custom trust manager like described in this post: Trusting all certificates using HttpClient over HTTPS
Although it is a bit more complex to establish a secure connection with a custom certificate, it will bring you the wanted ssl encryption security without the danger of man in the middle attack!
讨论(0) -
In Gingerbread phones, I always get this error:
Trust Anchor not found for Android SSL Connection, even if I setup to rely on my certificate.Here is the code I use (in Scala language):
object Security { private def createCtxSsl(ctx: Context) = { val cer = { val is = ctx.getAssets.open("mycertificate.crt") try CertificateFactory.getInstance("X.509").generateCertificate(is) finally is.close() } val key = KeyStore.getInstance(KeyStore.getDefaultType) key.load(null, null) key.setCertificateEntry("ca", cer) val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm) tmf.init(key) val c = SSLContext.getInstance("TLS") c.init(null, tmf.getTrustManagers, null) c } def prepare(url: HttpURLConnection)(implicit ctx: Context) { url match { case https: HttpsURLConnection ⇒ val cSsl = ctxSsl match { case None ⇒ val res = createCtxSsl(ctx) ctxSsl = Some(res) res case Some(c) ⇒ c } https.setSSLSocketFactory(cSsl.getSocketFactory) case _ ⇒ } } def noSecurity(url: HttpURLConnection) { url match { case https: HttpsURLConnection ⇒ https.setHostnameVerifier(new HostnameVerifier { override def verify(hostname: String, session: SSLSession) = true }) case _ ⇒ } } }and here is the connection code:
def connect(securize: HttpURLConnection ⇒ Unit) { val conn = url.openConnection().asInstanceOf[HttpURLConnection] securize(conn) conn.connect(); .... } try { connect(Security.prepare) } catch { case ex: SSLHandshakeException /*if ex.getMessage != null && ex.getMessage.contains("Trust anchor for certification path not found")*/ ⇒ connect(Security.noSecurity) }Basically, I setup to trust on my custom certificate. If that fails, then I disable security. This is not the best option, but the only choice I know with old and buggy phones.
This sample code, can be easily translated into Java.
讨论(0) -
I had the same problem while connecting from Android client to Kurento server. Kurento server use jks certificates, so I had to convert pem to it. As input for conversion I used cert.pem file and it lead to such errors. But if use fullchain.pem instead of cert.pem - all is OK.
讨论(0) -
You can trust particular certificate at runtime.
Just download it from server, put in assets and load like this using ssl-utils-android:OkHttpClient client = new OkHttpClient(); SSLContext sslContext = SslUtils.getSslContextForCertificateFile(context, "BPClass2RootCA-sha2.cer"); client.setSslSocketFactory(sslContext.getSocketFactory());In the example above I used
OkHttpClientbutSSLContextcan be used with any client in Java.If you have any questions feel free to ask. I'm the author of this small library.
讨论(0)
加载中...
- 热议问题