
I have just started testing the AeroGear push notification solution. I installed it locally via Docker. It seems that there are issues with the SSL certificate. I even found this ticket, which seems to be closed. I tried to register an Android emulator and I am getting the following error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:328)
at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103)
at com.android.okhttp.Connection.connect(Connection.java:143)
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185)
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:433)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:114)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:245)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java)
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.addBodyRequest(HttpRestProvider.java:219)
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.post(HttpRestProvider.java:147)
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.post(HttpRestProvider.java:134)
at org.jboss.aerogear.android.unifiedpush.fcm.AeroGearFCMPushRegistrar$4.doInBackground(AeroGearFCMPushRegistrar.java:180)
at org.jboss.aerogear.android.unifiedpush.fcm.AeroGearFCMPushRegistrar$4.doInBackground(AeroGearFCMPushRegistrar.java:135)
at android.os.AsyncTask$2.call(AsyncTask.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:556)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103) 
at com.android.okhttp.Connection.connect(Connection.java:143) 
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185) 
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128) 
at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341) 
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330) 
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:433) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:114) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:245) 
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218) 
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java) 
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.addBodyRequest(HttpRestProvider.java:219) 
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.post(HttpRestProvider.java:147) 
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.post(HttpRestProvider.java:134) 
at org.jboss.aerogear.android.unifiedpush.fcm.AeroGearFCMPushRegistrar$4.doInBackground(AeroGearFCMPushRegistrar.java:180) 
at org.jboss.aerogear.android.unifiedpush.fcm.AeroGearFCMPushRegistrar$4.doInBackground(AeroGearFCMPushRegistrar.java:135) 
at android.os.AsyncTask$2.call(AsyncTask.java:295) 
at java.util.concurrent.FutureTask.run(FutureTask.java:237) 
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588) 
at java.lang.Thread.run(Thread.java:818) 
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318) 
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219) 
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115) 
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:556) 
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) 
at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103) 
at com.android.okhttp.Connection.connect(Connection.java:143) 
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185) 
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128) 
at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341) 
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330) 
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:433) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:114) 
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:245) 
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218) 
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java) 
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.addBodyRequest(HttpRestProvider.java:219) 
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.post(HttpRestProvider.java:147) 
at org.jboss.aerogear.android.pipe.http.HttpRestProvider.post(HttpRestProvider.java:134) 
at org.jboss.aerogear.android.unifiedpush.fcm.AeroGearFCMPushRegistrar$4.doInBackground(AeroGearFCMPushRegistrar.java:180) 
at org.jboss.aerogear.android.unifiedpush.fcm.AeroGearFCMPushRegistrar$4.doInBackground(AeroGearFCMPushRegistrar.java:135) 
at android.os.AsyncTask$2.call(AsyncTask.java:295) 
at java.util.concurrent.FutureTask.run(FutureTask.java:237) 
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588) 
at java.lang.Thread.run(Thread.java:818) 

1 Answer


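WildFly inside Docker is using a self-signed certificate to encrypt HTTP traffic between Android and UPS. Android rejects it because the certificate does not chain to any CA in the device's trust store, which is what "Trust anchor for certification path not found" means. There are several ways to work around this.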

  1. Sign your certificate using a certificate authority
  2. Expose port 8080 in your Docker image and connect using that (this is plain HTTP, so the registration traffic is unencrypted; keep it to local testing)
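  3. Use certificate pinning in Android N and load the SSL certificate that WildFly is using into your app (https://developer.android.com/training/articles/security-config.html#CertificatePinning). The same Network Security Configuration file also lets you declare that certificate as a trust anchor for just the UPS domain via `<trust-anchors>`, which keeps normal validation in place for every other host.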
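  4. Inject a TrustManager that ignores SSL errors (telling Java to accept the self-signed SSL certificate). This turns off server authentication for every connection that uses it, so anyone on the network path can impersonate the server; restrict it to debug builds and never ship it.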
  • Thanks a lot for your answer. I have seen such workarounds (the ticket that I mentioned in the link in the question also proposes much the same). I was wondering if I could get a real solution (without ignoring SSL errors...). – ahmed_khan_89 Jan 11 '17 at 09:08
  • The real solutions are to use a certificate signed by LetsEncrypt (or any other authority), use certificate pinning, use a proxy, or don't use https. – Summers Pittman Jan 11 '17 at 14:18