19

Problem

I want to send https request to the site https://10.2.20.20/fido/EzPay/login.php my own server and get response from it and save it for example in a string. I have found some example codes in internet and try to test them for my problem but they are not helpful. Below I present some parts of codes which I have tested.

Code Example:

I try this code, but I always get same exception "No peer certificate" Why ?

try
{
    HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

    DefaultHttpClient client = new DefaultHttpClient();

    SchemeRegistry registry = new SchemeRegistry();
    SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
    socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
    registry.register(new Scheme("https", socketFactory, 443));
    SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
    DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());

    // Set verifier      
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

    // Example send http request
    final String url = "https://10.2.20.20/fido/EzPay/login.php";
    HttpPost httpPost = new HttpPost(url);
    HttpResponse response = httpClient.execute(httpPost);

    BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
    String line = "";
    while ((line = rd.readLine()) != null) {
        Log.i(DownloadImageTask.class.getName(), line);
    }

}
catch(IOException ex)
{
    Log.e(DownloadImageTask.class.getName(), ex.getMessage());
}

Exception.

03-02 16:58:25.234: W/System.err(1868): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate 03-02 16:58:25.238: W/System.err(1868): at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:137) 03-02 16:58:25.238: W/System.err(1868): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93) 03-02 16:58:25.238: W/System.err(1868): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) 03-02 16:58:25.238: W/System.err(1868): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) 03-02 16:58:25.250: W/System.err(1868): at com.https.test.DownloadImageTask.doInBackground(Https_testActivity.java:78) 03-02 16:58:25.250: W/System.err(1868): at com.https.test.DownloadImageTask.doInBackground(Https_testActivity.java:1) 03-02 16:58:25.250: W/System.err(1868): at android.os.AsyncTask$2.call(AsyncTask.java:264) 03-02 16:58:25.253: W/System.err(1868): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305) 03-02 16:58:25.253: W/System.err(1868): at java.util.concurrent.FutureTask.run(FutureTask.java:137) 03-02 16:58:25.253: W/System.err(1868): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208) 03-02 16:58:25.257: W/System.err(1868): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076) 03-02 16:58:25.257: W/System.err(1868): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569) 03-02 16:58:25.257: W/System.err(1868): at java.lang.Thread.run(Thread.java:856)

Question

What I'm doing wrong and how I can solve this issue. Why I get "No peer certificate" exception ?

Thanks.

Edited

Windows Server settings.

<VirtualHost *:443>
  ServerName 10.2.20.20

 Alias /fido/EzPay/ "d:/fido/EzPay/" 
Alias /fido/EzPay "d:/fido/EzPay/" 

<Directory "d:/fido/EzPay/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
        Order allow,deny
    Allow from all
</Directory>


  # These are the actual SSL directives needed to get it all working!
  SSLEngine on
  SSLCertificateFile C:/wamp/bin/apache/apache2.2.17/conf/ssl/fidoserver.crt
  SSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.17/conf/ssl/fidoserver.pem
</VirtualHost>
Viktor Apoyan
  • 10,655
  • 22
  • 85
  • 147
  • Rather than a Buffered Reader, how did you run the response variable? Did you use a WebView? Do you might sharing the code? I am stuck on this for days with no correct answer that helps me. – Melvin Lai Mar 05 '12 at 13:01
  • @MelvinLai you must use keystore only in that case my application start to work. – Viktor Apoyan Mar 06 '12 at 11:07
  • Possible duplicate of [How do I avoid getting "No peer certificate" error when connecting to this HTTPS site on Android?](http://stackoverflow.com/questions/7583548/how-do-i-avoid-getting-no-peer-certificate-error-when-connecting-to-this-https) – Abhinav Saxena Jan 09 '17 at 07:45

3 Answers3

20

Finally I have solved https problem. As I fought the main problem was in server, concretely in certificate. Android supports only “BKS” certificate and that’s was the reason that we can’t get response from the server. In order to solve this issue I have read more then 30 articles and finally found solution.

The steps which I done to solve this issue you can see below:

First thing that I do was generating .bks keystore file from our fidoserver.crt certificate, in order to do that I have read this article and do following:

  1. Open cmd
  2. Go to JDK folder “cd X:\Programs\Java\Jdk6\bin”
  3. Call following command:

keytool -import -alias tomcat -file X://KeyStore/fidoserver.crt -keypass password - keystore X://KeyStore/keystore.bks -storetype BKS -storepass 222222 -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath X://KeyStore/bcprov-jdk16-146.jar

Before running this command I have download Bouncy Castle .jar file and put it in the folder with certificates. After doing this all steps I get keystore.bks file which is the right certificate file for Android application. I put this file in Androids mnc/sdcard folder. In java code I have write following code to read that keystore.bbk file

KeyStore trustStore  = KeyStore.getInstance( "BKS" /*KeyStore.getDefaultType()*/ );
FileInputStream instream = new FileInputStream(new File("/mnt/sdcard/keystore.bks"));
try {
    trustStore.load(instream, "222222".toCharArray());
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
} catch (CertificateException e) {
    e.printStackTrace();
} catch (IOException e) {
    e.printStackTrace();
} finally {
    try { instream.close(); } catch (Exception ignore) {}
}

// Create socket factory with given keystore.
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);

HttpGet httpget = new HttpGet("https://10.2.20.20/fido/EzPay/login.php");

System.out.println("executing request " + httpget.getRequestLine());

HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();

System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
    System.out.println("Response content length:  " + entity.getContentLength());
}
            
// Print html.
BufferedReader in = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
String line = "";
while ((line = in.readLine()) != null) {
     System.out.println(line);
}
in.close();

This all allow m to load our certificate with given password 222222 (password we give when create a keystore with keytool).

After this all my test application start to work correctly. Now I can send request to https and get response from it. I have tested application with FIDO server, everything works great! I think on Monday I will make some changes in EzPay application and it will start working with https connections.

References

Community
  • 1
  • 1
Viktor Apoyan
  • 10,655
  • 22
  • 85
  • 147
  • This steps looks convincing, but I got stuck at the KeyStore step, do I really need to have the certificate itself in my folder when I type the command line? Is there a way I can communicate with you rather can commenting here? I have a skype account, I really want to solve this badly. It is taking too long to complete as I am weak in Android – Melvin Lai Mar 07 '12 at 07:07
  • 1
    i have followed http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/ which you also reference. the new httpclient class works for http connections, but for https it still gives me the "No peer certificate" exception. any ideas what the problem could be after following your example? – stefanjunker Jun 13 '12 at 11:03
  • @ViToBrothers hi if i want to mutual auth i need to put in bks file the client certificate right? – DevOps85 Feb 03 '15 at 08:08
7

The request method POST is inappropriate for the URL /. That’s all we know.

Example 1 doesn't work because it seems that you are not allowed to send POST request to that page. Try:

/* ... */
HttpGet httpGet = new HttpGet(url);
HttpResponse response = httpClient.execute(httpGet);
/* ... */

Example 2 doesn't work because you don't accept the website certificate as an accepted certificate, so it should also be like this:

/* ... */
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
registry.register(new Scheme("https", socketFactory, 443));
SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());
/* ... */
Caner
  • 57,267
  • 35
  • 174
  • 180
  • Give me 10 minutes, I will try and let you know. +1 – Viktor Apoyan Mar 02 '12 at 10:50
  • Yes you were right I acccess to https://encrypted.google.com/ with example 1, now I modify code and give as url my own url on the local server https:\\10.1.20.20\login.php, but I get exception "No peer certificate" what is wrong with my server or application ? – Viktor Apoyan Mar 02 '12 at 10:54
  • 1
    If it works for google and not for your server that means you didn't configure SSL correctly on your server. If you are using Apache server check this: http://www.informit.com/articles/article.aspx?p=30115&seqNum=5 – Caner Mar 02 '12 at 11:01
  • So you think that the main problem is server configuration ?? – Viktor Apoyan Mar 02 '12 at 11:11
  • Thanks a lot. I will try to configure my server and try again. After I will accept your answer. Thank you very match !!!!!!! – Viktor Apoyan Mar 02 '12 at 11:19
  • I have check my server settings, I have edited my post you can see server settings, but it still not working. – Viktor Apoyan Mar 02 '12 at 11:31
  • 1
    I don't know anything about Windows Server. I cannot help with that. You can try to ask it as a separate question. – Caner Mar 02 '12 at 11:39
  • man this is great. To be honest I didnt have any idea of what this is. But I just copied the second set of coding to initialize my httpclient and the problem is gone. Just +1 to this. Cool. – Andro Selva Nov 15 '12 at 08:23
0

Have you tried to open the page with a browser ? If its not opening your Configuration is wrong.

Note if your using a Self-Signed-Certificate you may get some connection problems. Some Android Kernel Versions (prior to 2.6.32.9) dont like Self-Singed-Certificates.

outofBounds
  • 594
  • 6
  • 18