1

I tried to make a secure connection between my Android App and the PHP Server via SSL and Post. However it's unfortunately not connecting to the Server, because the SSL certificate can't be verified.

HttpPost httppost = new HttpPost("https://example.me/api/index.php");

returns:

javax.net.ssl.SSLExeption: hostname in certificate didn't match: <example.me> != <*.one.com> OR <*.one.com> or <one.com>

Is there a workaround for this problem, with which I can manualy verify it? Because 

HttpPost httppost = new HttpPost("http://example.me/api/index.php");

is working like a charm :/

Full Code:

public static String[] getList(String user, String pass, String addArray, String removeArray){
            HttpClient httpclient = new DefaultHttpClient();
            HttpPost httppost = new HttpPost("https://example.me/api/index.php");

            try {

                List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
                nameValuePairs.add(new BasicNameValuePair("user", user));
                nameValuePairs.add(new BasicNameValuePair("pass", pass));
                nameValuePairs.add(new BasicNameValuePair("addArray", addArray));
                nameValuePairs.add(new BasicNameValuePair("removeArray", removeArray));
                httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));


                ResponseHandler<String> responseHandler = new BasicResponseHandler(); 
                String ResponseBody = httpclient.execute(httppost, responseHandler);

                if(ResponseBody!=null){
                      String[] list = ResponseBody.split( Pattern.quote( ";" ) );
                      return list;
                 }else{
                      String[] error = {"empty"};
                      return error;
                 }

            } catch (ClientProtocolException e) {
                String[] error = {e.toString()};
                return error;
            } catch (IOException e) {
                String[] error = {e.toString()};
                return error;
            }
}

Thanks for your help ;)

(I replaced my DNS with example.me)

Alaska
  • 309
  • 1
  • 4
  • 9
  • If the certificate matched the domain name against which it was issued, there would not be a problem. If you cant fix that (you should) see [How to handle invalid SSL certificates with Apache HttpClient?](http://stackoverflow.com/questions/1828775/how-to-handle-invalid-ssl-certificates-with-apache-httpclient) – Alex K. Oct 26 '15 at 16:44
  • The certificate is tied to a specific domain name "xxx.com" specified when you created it. If you issue a request over https to anything other than "xxx.com" - like "www.xxx.com" or "completelydifferent.com" you will get the error you are seeing. (an exception is wildcard "*.xxx.com" certificates) Open the url in a browser and you will see the same type of error. – Alex K. Oct 26 '15 at 16:59
  • @Alex K. Ok. My Chrome add-on sais that the certificate is from the type "*.example.me". So is it the exception you meant? – Alaska Oct 26 '15 at 17:05
  • type `https://idontexist.example.me` into a browser, if it loads with no ssl error then you have a wildcard certificate, type `https://example.me` into a browser if you get an ssl error then the root domain is not setup as a SAN, see http://stackoverflow.com/questions/4445934/wildcard-ssl-certificate-generates-error-when-no-subdomain-is-used – Alex K. Oct 26 '15 at 17:10
  • @Alex K. Ok. I must admit that all the SSL stuff confuses me a lot. I found out that I have a "SNI" certificate. – Alaska Oct 26 '15 at 17:19

0 Answers0