Android MQTT and SSL - android

I am trying to connect via SSL and certificate to have a solid and secure connection, but apparently it is not as simple as it looks.
Using Python it is 100% working and I can test the connection by using these parameters:
client.tls_set(ca_certs="x.pem", certfile="/y.pem.crt", keyfile="z.pem.key", cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2,ciphers=None)
client.tls_insecure_set(True)
I was applying different variants of code found on the internet and even on here, and applying the SSLSocketFactory on my MqttConnectOptions.
Common errors were like "SSL path not found" (yes, I did check if the code was reading the file and it worked), "Trust anchor for certification path not found." and so on.
I also had issues parsing the key file with PemParse due to it being in the resources, but without much luck.
This is one of the links I was following as well, https://gist.github.com/sharonbn/4104301, but without much success.
Just to "complicate things", my certificates are without a password and most of the examples on the web are with one.
To recap:
I have x.pem, y-private.pem.key, z-certificate.pem.crt, u-public.pem.key
With Python it works fine
Android is not working, or at least I am not able to make it work.
In case it wasn't clear, I am after a piece of code that allows me to use the certificates above to add to my MqttConnectOptions and make a successful connection to the server.

Related

Cordova - Android HTTPS requests fail on 4G

I've created a Cordova Android app, and I'm facing this issue:
When on 3G/4G, whenever I try to make request towards my server I get the error:
ERR_TUNNEL_CONNECTION_FAILED.
When I am on WiFi everything works fine. This is not happening on all Android devices; I am facing this issue on a Samsung Galaxy A5 (and some other Androids).
I've discovered that if we use HTTP instead of HTTPS everything is fine.
Also according to https://www.sslshopper.com/ssl-checker.html
and
https://www.digicert.com/help/
everything seems to be fine with our SSL cert.
How can we solve this issue?
This usually happens because your provider is configuring a proxy in your device.
Try checking your current APN setting and deleting the fields proxy and port from it.
This can also be caused if you are using a port different from 443.
I wonder if you have found your answer or not, but still want to post answer for others looking for the solution: Note that Cordova doesn't allow https calls to Servers with untrusted ssl certificate installed on them. You can ignore this error and continue by making a small change in a cordova file.
Open “\cordova\platforms\android\CordovaLib\src\org\apache\cordova\CordovaWebViewClient.java”. In the 'onReceivedSslError' method, comment out the else part and add handler.proceed() instead.
This issue happens with mobile data connections because the default Access Point that comes with the carrier generally has a proxy that will not allow SSL tunneling. All you have to do is to set Proxy and Port to nothing.
Also ensure to use only port 443 for HTTPS.

Fetch in react native won't work with ssl on android

When I'm using the fetch function in my react native apps, things work as expected on iOS, but gives an error in android. The error is 'TypeError: Network request failed'. Doing a bit of debugging, I found that the cause of the error seems to be the following: 'java.security.cert.CertPathValidatorException: Trust anchor for certification path not found'.
How come this works in iOS and not on android, and how do I best fix it? Is the fault in react-native, or somewhere deeper?
There are a few workarounds for this issue mentioned here: Trust Anchor not found for Android SSL Connection
However, if you are the server owner, I would suggest reviewing your server SSL certificate. I think that was because of a missing CA certificate in your pem file.
What I have done for my site is I created fullchain.pem by concatenating the content of file.crt and file.ca-bundle, in that order.
Then I configured nginx (my server is behind nginx) with:
ssl_certificate /etc/nginx/ssl/fullchain.pem;
The original document: https://www.digicert.com/ssl-certificate-installation-nginx.htm
Hope that helps

DownloadManager how to replace HttpClient?

I have Android 4.1.2 device.
I'm trying to download a file over HTTPS and get an error about an invalid certificate.
OK, I created a custom TrustManager, which skips this error.
How do I specify that DownloadManager should use my HttpClient with the custom TrustManager?
Implementing a custom "Dummy-TrustManager" is a simple but dumb idea as it destroys the security of SSL/TLS.
What you need instead is to trust that specific certificate of the server, not every (self-signed) certificate in the world!
There is a complete blog topic by Nikolay Elenkov which explains everything you need, including code samples: Using a Custom Certificate Trust Store on Android
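Trusting one specific certificate instead of disabling validation, as an added example that is not code from any of the posts or from the linked blog. It also addresses the "Trust anchor for certification path not found" errors in the MQTT and React Native questions above, and optionally presents a password-less client certificate. Assumptions: the class and parameter names are hypothetical, the client key is an unencrypted PKCS#8 RSA key, and `java.util.Base64` is available (Android API 26 or later).

```java
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.*;

// Added example; PinnedTls and its parameter names are hypothetical.
public final class PinnedTls {
    /** Trusts only the certificate in caPem; sends a client certificate if one is given. */
    public static SSLSocketFactory socketFactory(InputStream caPem, InputStream clientCertPem,
                                                 String clientKeyPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Trust store with exactly one anchor: the CA (or self-signed server) certificate.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("ca", cf.generateCertificate(caPem));
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        KeyManagerFactory kmf = null;
        if (clientCertPem != null && clientKeyPem != null) {
            // Assumption: unencrypted PKCS#8 RSA key. A PKCS#1 file ("BEGIN RSA PRIVATE KEY")
            // is rejected; convert it once with: openssl pkcs8 -topk8 -nocrypt -in key -out key.pk8
            if (!clientKeyPem.contains("-----BEGIN PRIVATE KEY-----")) {
                throw new IllegalArgumentException("expected an unencrypted PKCS#8 PEM key");
            }
            byte[] der = Base64.getMimeDecoder()
                    .decode(clientKeyPem.replaceAll("-----[A-Z ]+-----", ""));
            PrivateKey key = KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(der));
            // The key file has no passphrase, but the in-memory KeyStore entry still takes
            // a password; the same empty one is used to store and to read the entry.
            char[] none = new char[0];
            KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
            identity.load(null, null);
            identity.setKeyEntry("client", key, none,
                    new Certificate[] {cf.generateCertificate(clientCertPem)});
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(identity, none);
        }
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}
```

The returned factory can be handed to `MqttConnectOptions.setSocketFactory(...)` or `HttpsURLConnection.setSSLSocketFactory(...)`; the PEM inputs can be opened from the app's raw resources or assets.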

AsyncHttpClient and org.apache.http.client fails on SSL site while standard Android method works well

There was recently a certificate change on the staging servers of my app. The server passes the Qualys SSL test with grade A- ("The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-") so I should be able to connect via https without adding any certs to my app, keystore or whatever. Indeed, the standard Android connection method works well (http://developer.android.com/training/basics/network-ops/connecting.html).
The problem is, I am using android-async-http all over the code, which uses org.apache.http.client. And that returns javax.net.ssl.SSLPeerUnverifiedException: No peer certificate when I connect to the site!
I can't really change the connection method in current circumstances. I'd like to stay with android-async-http and connect to my site without bypassing the SSL security.
Any tips? Some additional settings to android-async-http? Or maybe altering android-async-http source code would help?
I encountered the same problem 6 months back.
I think you will be able to solve it by:
MySSLSocketFactory extends SSLSocketFactory
Then you need to use this class where you are creating an instance of HTTPClient and pass some parameters...
I think the link below would be helpful. If it doesn't help then I can share concrete code later...
https://stackoverflow.com/a/13812958/1386533

Why would some HTTPS requests fail to decrypt on Fiddler, while some work?

Scenario: I am trying to debug an Android app by proxying requests through Fiddler.
I got the FiddlerRoot certificate installed on the Android device, and the SSL decryption works for most requests, but for other requests I can only see the HTTPS Connect, and nothing else in the Fiddler log. I think it might be image requests over SSL that fail to decrypt.
I have double-checked that "Hide images" is off, etc. Images retrieved are hosted on another domain than the main API the app talks to.
What could cause this behaviour? And how do I get the image requests to show in Fiddler?
I am using the latest Fiddler4.
There are plenty of tutorials on how you can intercept HTTP(s) traffic from Android using Fiddler.
Try this one: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforandroid
However, it will fail when you try to intercept and decrypt Android SSL traffic coming from an application, and not from a browser.
It might be that the application uses certificate pinning, and you probably cannot decipher this connection. Lost cause!
But more probably, the reason is a bug in the HttpsUrlConnection pipeline implementation.
To solve the issue, please proceed with the following steps:
In Fiddler click "Rules->Customize Rules";
Find function OnBeforeResponse in the script
Add following code to the function body:
if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 &&
    oSession.HTTPMethodIs("CONNECT")) {
    oSession.oResponse.headers["Connection"] = "Keep-Alive";
}
Save the file and restart Fiddler.
