I am trying to request an HTTPS site with Apache HttpClient 4.X from an Android application. I get javax.net.ssl.SSLPeerUnverifiedException: No peer certificate exception. I followed the different instructions for importing certificates:
None of them worked for me.
I think my problem is that the site certificate chain looks like this:
Telekom Root CA 2 is included in the default Android keystore ( /system/etc/security/cacerts.bks ). I tested this on my own phone, which I use for testing.
Now the question is, what certificates should I include in the user keystore, do all instructions tell me to provide? Just intermediaries? Only site? Both? Do I need a root certificate? Should I check the Site certificate for the chain - I will not need to provide any additional certificates, since they trust the root chain.
I would be happy if you could explain to me what is happening and how I can make it work. Please do not post workarounds that simply ignore certificates, as they are intended for production and should be safe.
source share