How do I call a secure (SSL) webservice in Android, when Android does not see the certificate?

Question

I'm new to Android and I'am struggling to make a call to an SSL web service for an Android Application. My code is as follows:

Log.v("fs", "Making HTTP call...");
HttpClient http = new DefaultHttpClient();
HttpGet request = new HttpGet("https://example.com/api");

try {

    String response = http.execute(request, new BasicResponseHandler());
    Log.v("fs", response);

} catch (Exception e) {

    Log.v("fs", e.toString());
}

The Output is:

Making HTTP call...
javax.net.SSLPeerUnverifiedException: No peer certificate

Any suggestions to make this work would be great.

I should note that this is a valid cert. It is signed by an official CA.

Are the SSL certificates valid or are you using some dev server? — Amir Raminfar, Jan 13 '11 at 21:58
Maybe this http://stackoverflow.com/questions/3761737/https-get-ssl-with-android-and-self-signed-server-certificate — Amir Raminfar, Jan 13 '11 at 22:00
I have the same problem has you, have you found a working solution to this ? — Michael B., May 30 '11 at 15:06
@mmattax: Did you solve this problem? If yes, could you post your solution as an answer? — Paŭlo Ebermann, Aug 16 '11 at 20:46

score 2 · Answer 1 · answered Oct 24 '11 at 08:48

2

Have you test that the mobile date and hour are the correct ones ??, if you are using SSL and have your mobile in 1990 it will return

javax.net.SSLPeerUnverifiedException: No peer certificate

Regards

answered Oct 24 '11 at 08:48

mutalistik

21
2

score 1 · Answer 2 · edited Sep 08 '12 at 13:08

SchemeRegistry schemeRegistry = new SchemeRegistry(); 
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
schemeRegistry.register(new Scheme("mxiss", SSLSocketFactory.getSocketFactory(), 443));


HttpParams params = new BasicHttpParams(); 
int timeoutConnection = 5000; 
HttpConnectionParams.setConnectionTimeout(params, timeoutConnection); 
int timeoutSocket = 10000; 
HttpConnectionParams.setSoTimeout(params, timeoutSocket);

params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30); 

params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean); 

params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false); 

HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);


ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);

_client = new DefaultHttpClient(cm, params);

retromuz · Answer 3 · 2011-12-16T03:57:31.290

Try the following. I have added SSLSocketFactory to handle SSL connections, plus it adds support for handling multiple connections simultaneously using ThreadSafeClientConnManager. You can remove socket timeout and connection timeouts.

    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    schemeRegistry.register(new Scheme("mxiss", SSLSocketFactory.getSocketFactory(), 443));

    HttpParams params = new BasicHttpParams();
    int timeoutConnection = 5000;
    HttpConnectionParams.setConnectionTimeout(params, timeoutConnection);
    int timeoutSocket = 10000;
    HttpConnectionParams.setSoTimeout(params, timeoutSocket);
    params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
    params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(30));
    params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false);
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);

    ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);

    _client = new DefaultHttpClient(cm, params);

Hope this helps.

If your client does not trust the server certificate register a different protocol and accept all certificates for that protocol. You should first register protocol before doing anything.

Protocol mxiss = new Protocol("mxiss", new EasySSLProtocolSocketFactory(), 443);
Protocol.registerProtocol("mxiss", mxiss);

Then instead of "https" you have to use "mxiss"

EasySSLProtocolSocketFactory comes from org.apache.commons.httpclient.contrib.ssl. Put the jar file http://repo1.maven.org/maven2/ca/juliusdavies/not-yet-commons-ssl/0.3.11/not-yet-commons-ssl-0.3.11.jar in your classpath.

I have the same problem and your solution does not seem to have any impact :-(. — Carsten, Dec 16 '11 at 02:13
In my case it turned out that the problems was that my android device does not trust the root certificate by the CA. Firefox on Android seems to use its own root certificates and Windows also trusts it, but apps using the standard trusted CAs for the device have a problem. — Carsten, Dec 16 '11 at 04:06

score 0 · Answer 4 · edited Aug 03 '12 at 02:11

0

I too think this is an issue with server's certificate. Pls check out the InstallCert.java program given here: http://blogs.oracle.com/andreas/entry/no_more_unable_to_find. This can be a good way to verify server's certificate. If you can't download that using this program, I would say, verify your server again.
Post your results after using this program here, and we will take it from there.

edited Aug 03 '12 at 02:11

Bill the Lizard

398,270
210
566
880

answered Jan 13 '11 at 23:45

cheekoo

887
12
22

1

I compiled and ran the program, the output: Starting SSL handshake...No errors, certificate is already trusted – mmattax Jan 14 '11 at 01:51
Did you try the link I sent you to disable SSL validation. If that works then you know what the problem is. I recall godaddy's ssl certs were kinda funky. – Amir Raminfar Jan 14 '11 at 18:39
The link is dead, can we find it elsewhere ? – Michael B. May 30 '11 at 15:06
i have the java file on my machine. Not sure how to share? Is it fine if i put it on site like hotfile or rapidhsare or something? This java file is copyright of ORACLE. – cheekoo Jun 01 '11 at 00:42
Hello Michael, please try this: http://dl.dropbox.com/u/19757158/InstallCert.java – cheekoo Jun 01 '11 at 17:44
It looks like the article is mirrored at http://dreamingthings.blogspot.com/2006/12/no-more-unable-to-find-valid.html. But this page doesn't have the file, either. – Paŭlo Ebermann Aug 16 '11 at 21:00

score -11 · Answer 5 · answered Feb 07 '11 at 15:23

-11

i assume you cannot have Get in HTTPS webservice. Only Method allowed is POST try that and see.

answered Feb 07 '11 at 15:23

jeet

7

3

Where did you get this from. Do you know this or are you just guessing. In fact even for HTTPS all of the standard HTTP methods are allowed. If GET wouldn't be allowed you wouldn't be able to get any web page in your browser when accessing it via HTTPS. – sven Feb 08 '11 at 15:45
4

This answer is so wrong that I wish I had another downvote for it. – Nik Reiman Oct 20 '11 at 11:45
1

HTTPS and POST are two different things in different layers. – retromuz Dec 16 '11 at 04:00

How do I call a secure (SSL) webservice in Android, when Android does not see the certificate?

5 Answers5