I'm getting an error using httpclient: "No peer certificate"

So, I need to configure the httpclient to trust all certificates from a specific domain, but could not find a way to do this.

I don't want to allow all domains, just a specific one.

Isquierdo

1 Answer

to trust all certificates from a specific domain,...

That's not how trust works. If you would trust just based on the domain name, then anybody could issue their own certificate with your domain name and you would trust it.

You should instead make sure that you get a certificate which:

  • is issued by a trusted CA
  • is issued for the same hostname you use to access the site.

If the certificate fits these requirements, no special validations are needed.

Steffen Ullrich
  • After checking with analytics, I'm getting the error "No peer certificate" only on Android 4.2.2. – Isquierdo Mar 24 '15 at 17:29
  • Then you are probably using a CA which is not yet in the trust store or you might need to add certificates to the chain to verify correctly. Check your site with [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html?d=mail.lucasit.com) and look out for chain issues. – Steffen Ullrich Mar 24 '15 at 17:33
  • I tested with SSLLabs and get: Chain issues None – Isquierdo Mar 24 '15 at 17:42
  • Check for alternative chains. If you need more help please publish the URL. – Steffen Ullrich Mar 24 '15 at 17:45
  • Thank you for your help. I cannot publish my client URL and they want change the CA... But here is the result from SSLLabs: http://s15.postimg.org/5ltxiqesb/ssllabs.jpg – Isquierdo Mar 24 '15 at 18:17
  • @Isquierdo: look at trust path #2 and try to include this "extra download" certificate into your chain instead of the current chain certificate. Then the chain will lead to a root certificate which is much older and which is probably included in Android 4.2 already. – Steffen Ullrich Mar 24 '15 at 18:37
  • I don't really know how to include this extra download. This kind of SSL complication is not something I was expecting to deal with in this project. Can you explain how to include this, or send me some example? tks – Isquierdo Mar 24 '15 at 18:43
  • This is a thing you have to do on the server side and how this is done depends on the server. There is usually lots of documentation on this topic on the internet. If in doubt ask at serverfault.com. The certificate itself can probably be downloaded directly from the SSLLabs analysis. – Steffen Ullrich Mar 24 '15 at 18:47
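
The chain problem worked out in the comments above, as an added example that is not part of the original answer or comments: a names-only model of path building that shows why the same leaf certificate validates on a device with a newer trust store but fails on an older one until the server sends the alternate intermediate. All certificate names, root names and trust stores are constructed for illustration, and no signatures, dates or constraints are checked.

```python
from typing import NamedTuple, Optional

class Cert(NamedTuple):
    subject: str
    issuer: str
    dns_names: tuple = ()   # subjectAltName entries (leaf only)

# Constructed sample data; every name here is made up for this example.
LEAF = Cert("www.example.test", "Example Issuing CA", ("www.example.test",))
INTERMEDIATE_NEW = Cert("Example Issuing CA", "Example Root G2")    # current chain cert
INTERMEDIATE_OLD = Cert("Example Issuing CA", "Example Root 1999")  # the "extra download"

OLD_DEVICE_ROOTS = {"Example Root 1999"}
NEW_DEVICE_ROOTS = {"Example Root 1999", "Example Root G2"}

def build_path(served: list, roots: set) -> Optional[list]:
    """Walk issuer links from the leaf using only what the server sent.

    Returns the subjects from leaf to trusted root, or None if no path exists.
    """
    by_subject = {c.subject: c for c in served[1:]}
    current, path = served[0], [served[0].subject]
    while current.issuer not in roots:
        nxt = by_subject.get(current.issuer)
        if nxt is None or nxt.subject in path:   # missing link or loop
            return None
        path.append(nxt.subject)
        current = nxt
    return path + [current.issuer]

def validate(hostname: str, served: list, roots: set) -> str:
    """Apply the two checks from the answer: trusted chain, matching hostname."""
    if build_path(served, roots) is None:
        return "untrusted chain"
    if hostname.lower() not in (n.lower() for n in served[0].dns_names):
        return "hostname mismatch"
    return "ok"

if __name__ == "__main__":
    chains = (("current chain", [LEAF, INTERMEDIATE_NEW]),
              ("alternate chain", [LEAF, INTERMEDIATE_OLD]))
    devices = (("old device", OLD_DEVICE_ROOTS), ("new device", NEW_DEVICE_ROOTS))
    for label, chain in chains:
        for device, roots in devices:
            result = validate("www.example.test", chain, roots)
            print(f"{label:15} on {device}: {result}")
```
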