SSL error for Android: certificate is not trusted ... sometimes

In the application I'm working on, I have to make an HTTPS connection to the web server. I was receiving "certificate not trusted" errors, and after consulting Stack Overflow, I found this blog post: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/

It seems that the CA for this server is not included in the default Android storage. In a nutshell, I downloaded all the certificates, created a keystore with the BKS provider, imported the keys, imported the keystore into my project, and subclassed the DefaultHttpClient class to force it to use my keystore.

After following the steps on the blog, it worked great on an emulator. However, when I test it on the device, it fails intermittently. I think I have identified the pattern. It seems that after some time has passed and I try to make an HTTPS connection, it fails. Then, if I try to make the same connection again, it succeeds. If I wait a while and then try again, it fails the first time, and I can try again. Perhaps I could fix this by simply making several attempts on failure, but I would like to know what is going on. The behavior suggests some kind of cache, but I don't know how to find it or change its behavior. Does anyone have any suggestions on what's happening or know what I'm doing wrong? Any help would be appreciated.

+4
2 answers

Pure speculation, but I had problems in similar situations some time ago in a Windows/IE environment where the certificate failed intermittently. In both cases, I had proxies that I did not understand, acting as intermediaries.

The first was Fiddler, a web debugger that proxied a certificate in a browser when I worked on it.

The second time, I had a problem with our corporate Internet filtering solution (Websense), which also acted as a proxy server: it would allow reliable information about the certificate through in the end, but not on the first try.

I do not know if this is your case, but this is the only time I have seen behavior like what you describe.

+1

Before opening a connection, you can create a TrustManager that does not check certificate chains and does not install them in the HttpsURLConnection. See below:

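```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] {};
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: every client certificate is accepted
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: every server certificate is accepted
        }
    } };

    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        // Replaces the default socket factory for every HttpsURLConnection in the process
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        e.printStackTrace();
    }
}
```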

0
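
A validating counterpart to the trust-all manager, added here as an example and not code from the question, the answers or the linked blog post: it trusts only the CAs in the bundled BKS keystore the question describes, and logs the subject and issuer of any rejected chain, which shows whether an intermediary like the proxies in the first answer presented a different certificate. The class and method names and the `System.err` logging are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; BundledCaTrust, contextFor and LoggingTrustManager are hypothetical names.
public final class BundledCaTrust {
    // Builds an SSLContext that trusts only the CAs stored in the bundled BKS keystore.
    public static SSLContext contextFor(InputStream bksStream, char[] password) throws Exception {
        KeyStore trusted = KeyStore.getInstance("BKS"); // keystore type used in the question
        try (InputStream in = bksStream) { trusted.load(in, password); }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        X509TrustManager delegate = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { delegate = (X509TrustManager) tm; break; }
        }
        if (delegate == null) throw new IllegalStateException("no X509TrustManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new LoggingTrustManager(delegate) }, null);
        return ctx;
    }

    // Validates exactly as the keystore-backed delegate does; logs the chain it rejects.
    private static final class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        LoggingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            try {
                delegate.checkServerTrusted(chain, authType);
            } catch (CertificateException e) {
                for (X509Certificate c : chain) {
                    System.err.println("rejected: subject=" + c.getSubjectX500Principal()
                            + " issuer=" + c.getIssuerX500Principal());
                }
                throw e; // the connection still fails closed
            }
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException { delegate.checkClientTrusted(chain, authType); }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }
}
```

Apply the context to a single connection with `conn.setSSLSocketFactory(ctx.getSocketFactory())` so the process-wide default is left unchanged; hostname verification stays at its default.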

Source: https://habr.com/ru/post/1388318/

