0

When I try to access a URL through HTTPS, I get an exception:

javax.net.ssl.SSLException: Not trusted server certificate Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.

I found out from some posts on Stack Overflow that it should accept some certificates. Please tell me why it is necessary to accept the certificate.

Thank you in advance.

Jomia

2 Answers

0

Certificates are authenticated against a root certification authority, like Verisign or Thawte. Some SSL certificates are provided with a chain of intermediate certificates to validate against, which provide the validation up to one of the top-level certificates. In a case like this you need to locally import the intermediate certificates as well as the page's certificate. These need to be imported into the local cacerts file. It is the cacerts file under Java; I am not sure where that will be on Android, but I have seen it linked on here previously.

Also see Adding SSL Certificate to Keystore. I think you need to do a BouncyCastle download.

This may also be more useful for your particular issue: How to create a BKS (BouncyCastle) format Java Keystore that contains a client certificate chain

mikey
  • Actually my server is using a trusted certificate. Is it necessary to create and import an SSL certificate into the keystore for simply accessing a URL? I am totally new to this topic. Please tell me how to create this subject.... – Jomia Oct 11 '11 at 11:49
  • Where should I get this SSL certificate? I am totally confused about how to do these things. Can you suggest a good tutorial which explains the A-Z steps for making an HTTPS connection? – Jomia Oct 12 '11 at 06:06
  • Browse the https URL. Click on the padlock (in IE8). Click View Certificates on the Website Identification popup. Click the Details tab. Click the Copy to File button. I normally save the file as a DER, but YMMV. Import the saved file into your keystore. HTH. – mikey Oct 19 '11 at 08:56
0

You have to provide the SSL certificate to the keystore, as @mikey pointed out... but if you want to allow all hosts without any checking (allowing all hosts):

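import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Trust manager that performs no certificate validation: every chain is accepted.
public class _FakeX509TrustManager implements X509TrustManager {

    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};

    // Empty body: never throws, so any client certificate chain is accepted.
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    // Empty body: never throws, so any server certificate chain is accepted.
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    public boolean isClientTrusted(X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
        return true;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return _AcceptedIssuers;
    }

    // Replaces the process-wide defaults used by every HttpsURLConnection.
    public static void allowAllSSL() {
        // Hostname verifier that accepts any hostname for any certificate.
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        if (trustManagers == null) {
            trustManagers = new TrustManager[] { new _FakeX509TrustManager() };
        }

        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, trustManagers, new SecureRandom());
            // Set the factory only once the context is initialised; the original
            // dereferenced a null context here when an exception had been caught.
            HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

}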

Call _FakeX509TrustManager.allowAllSSL(); at the beginning of your HTTP method. Hope it helps.

HelmiB