0

I'm putting together a demo web-app.

I've created a certificate signed by my own CA, and imported that CA into the android device.

I have the Android device going to: 10.0.2.2 (Which is the host machine on the emulator)

The host comes up, but its given a domain mismatch error in the browser, even though the certificate is 10.0.2.2.

Anybody know why?

Doug
  • 6,446
  • 9
  • 74
  • 107

1 Answers1

5

What Android version are you testing on? Android's hostname verifier is stricter than most browsers, and requires the IP address to be in a Subject Alternative Name entry of IP address type, not just in the CN. So either use a hostname to access your demo site, or re-create the certificate, putting the IP address in the SAN extension. If you are using OpenSSL, something like this should do it: http://andyarismendi.blogspot.in/2011/09/creating-certificates-with-sans-using.html

Nikolay Elenkov
  • 52,576
  • 10
  • 84
  • 84
  • Sweet, that makes sense. I'll give it a shot and let you know! I'm using 220 (Which I believe is Froyo). – Doug Jun 18 '12 at 13:20
  • Unless this is heavily customized, Froyo doesn't have the ability to import CA certificates. How did you import it? – Nikolay Elenkov Jun 18 '12 at 13:37
  • This can be done with `keytool` too now (see [this](http://stackoverflow.com/a/8444863/372643)). – Bruno Jun 18 '12 at 13:40
  • I can confirm this works. FYI, openssl lets you add an IP address for a DNS name, and the IP name, where keytool requires a DNS name start with a letter. As a result I'm not sure if in this particular instance keytool would have worked for Android. – Doug Jun 18 '12 at 15:34
  • *"... or re-create the certificate, putting the IP address in the SAN extension"* - for instructions on doing it with OpenSSL via a CONF file (the only way to utilize SANs), see [SSL Certificate Verification: javax.net.ssl.SSLHandshakeException](https://stackoverflow.com/questions/25079751/ssl-certificate-verification-javax-net-ssl-sslhandshakeexception/25084465#25084465). – jww Aug 07 '14 at 00:27