1

I recently moved my backend (Rails) to Digital Ocean. I installed my SSL cert (signed by a CA) there and browsers recognize it and display accordingly in the web app.

I went to do some work on my Android client, only to get this exception from Volley:

10-06 16:57:20.448: D/Error.Response(10668): com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I'm not sure how to handle this. When I had the cert installed at Heroku initially I didn't see this - only after moving the cert. How do I fix this?

settheline

2 Answers

1

This error came about because the certificate I had installed on my server was a primary cert with no chain. I concatenated the secondary cert with the primary into a single file, installed on the server, and Android accepted the SSL connection.

A lot of resources I saw talked about writing a custom trust manager etc. I would try to test your cert chain first and correct it before doing a bunch of that other stuff.

settheline
0

If it does not work in the app but works in the browser, the problem is often that the site uses Server Name Indication (SNI) to have multiple certificates on a single IP address. This is supported by all modern browsers, but not by the old Apache HTTP client shipped with Android.

For more details see HttpClient generates SSLException after acquiring new domain name or Android SSL - SNI support.

Steffen Ullrich
  • This didn't end up being my issue. Mine was actually unrelated to Android but the answer resides in that error. The certificate chain wasn't complete. I had to concatenate the intermediate certs with the primary cert into a single file and that fixed the issue. – settheline Oct 07 '14 at 21:58