
We have an internal CA server.

We have an Android app that should communicate via HTTPS with our webserver, and have generated the required certificates. When we connect to the server through our app, it fails with the following stack trace:

 Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

But when we browse the server through Android Chrome it works, and we get a green keylock. We have uploaded the certificate on the Android device under settings, so it's listed under User certificates.

My question is: Do I need to do anything codewise? I figured that the app would look at the certificates located on the phone and use them, the way Chrome seems to do. But some guides tell me that I manually have to make a keystore and supply this to the SSLFactory (Link to guide). But on other pages it seems that this should work out of the box...

Can anyone point me in the right direction?

imisssnake
  • You've answered yourself (and me on the way) in part. My thanks, as your question saved me several **additional** hours of pain. According to Pravin Divraniya (https://stackoverflow.com/a/40743463/5276890) this is a change in Android Nougat. – Roy Falk Aug 05 '18 at 19:31
  • I encountered the same issue. Assuming you are using Android N and onwards, this answer explains why the cert is not working for your app (esp. if you don't have control over the app): https://stackoverflow.com/a/22040887/1234376. I guess Chrome must have special handling for user-added CA certs to bypass the restriction imposed on applications. – Chen Xie Dec 04 '19 at 08:19

0 Answers