We have an internal CA server.
We have an Android app that should communicate via https with our webserver, and have generated the required certificates. When we connect to the server through our app, it fails with the current stacktrace:
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
But when we browse the server through Android Chrome it works, and we get a green keylock. We have uploaded the certificate on the Android device under settings, so it's listed under User certificates.
My question is: Do I need to do anything codewise? I figured that the app would look at the certificates located on the phone and use them, the way Chrome seems to do. But some guides tell me that I manually have to make a keystore and supply this to the SSLFactory (Link to guide). But on other pages it seems that this should work out of the box...
Can anyone point me in the right direction?
Related
I'm following this guide for a university project: https://checkmarx.github.io/Kotlin-SCP/m3-insecure-communication/
The attack works properly, but when I change to https I get that error. Googling, I've seen that maybe the problem is Android, because the Let's Encrypt SSL certificate works on local so my phone doesn't recognize it as a valid certificate (?)
Perhaps I'm not setting the certificate from Let's Encrypt right. Can someone help?
I developed a simple Android app using Expo SDK that communicates with my server via HTTPS (using Axios if it matters). I have bought the domain and use a LetsEncrypt certificate configured in NGINX that has an A+ score in the Qualys SSL Test. The app works well with most of my clients except one that uses it under a network proxy that I don't have access to.
Every time the app tries to request the servers I get the error:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Which according to this article https://developer.android.com/training/articles/security-ssl?hl=en-us can happen when "The CA that issued the server certificate was unknown", "The server certificate wasn't signed by a CA, but was self signed", "The server configuration is missing an intermediate CA" which is not the case since it works with every other client.
This client uses Android 8.1 and I've already checked in “Encryption & credentials” settings that "DST Root CA X3" (which is the anchor for LetsEncrypt) is listed as a trusted root certificate in the devices.
For test purposes, I also have developed a version of my app that does not use HTTPS and it works fine even under the proxy connection.
Am I missing something here? What else could be causing this problem? Any ideas on how to replicate it? Thank you!
I'm facing a problem when implementing SSL on my web. My web works as web services for Android and iOS. Everything went very smoothly until I implemented the SSL certificates; suddenly Android (most Android devices except Samsung) throws this error:
E/ErrorHTTP: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Then I googled and landed here:
google says about the error
support the google statement
work around for the error to accept the not valid ssl
It says that this mostly happens because of:
The CA that issued the server certificate was unknown
The server certificate wasn't signed by a CA, but was self signed
The server configuration is missing an intermediate CA
Those three options are already ruled out; I already checked with an SSL checker. It's none of the above: it's not unknown, it's not self-signed, we're using Comodo, and the intermediate and root certificates are also valid. You can check here: ssl checker for my link,
you can check it yourself.
And now I'm stuck; the certificate is valid. The certificate can also be opened on Samsung, but somehow fails on some other brands, for example Xiaomi. I don't know where to look now. Is it:
the SSL configuration, I need to keep digging, even though it is marked as valid in most validators.
make the Android code more vulnerable, even though some brands can access it; I mean, is it because of the brand, or how?
The spec I'm using:
ASP.NET Core 2.0.
Kestrel.
Comodo certificates.
Native Android.
Please help! Thank you.
I'm developing my first Xamarin.Forms App and have a backend API built using ASP.NET Core. I want all calls to the API to be via HTTPS so followed this guide for setting up HTTPS for development in ASP.NET Core. This, I believe, will let me use the IIS Express Development Certificate from within Visual Studio.
Up to this point I had been making all calls to the API from my Xamarin.Forms Android App via the emulator using HttpClient and the following HTTP URI
http://10.0.2.2:44321/api/User
but now with SSL enabled for my API I need to make the call from the app using the following URI
https://10.0.2.2:44321/api/User
However, simply changing http to https gives the following error
{Javax.Net.Ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ---> Java.Security.Cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ---> Java.Security.Cert.CertPathValidatorException: Trust anchor for certification path not found.
--- End of inner exception stack trace ---
I presume this is because the Xamarin.Forms App does not list the IIS Development Certificate as being trusted, i.e., with Swagger (Swashbuckle) running from my API I can hit the endpoint with no problems; with Postman running with SSL certificate verification turned off I can also hit the endpoint.
How can I set up a Xamarin.Forms App (specifically Android) to trust the IIS Development Certificate for development purposes?
I can't browse to my web application from Visual Studio while using an Android emulator. I get an empty response error in the browser. When I browse to my local application from my computer, it works. I used the IP 10.0.2.2 on the Android emulator instead of localhost. Can anybody help me?
Check your console for any errors. I was having this issue and was seeing Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. because my locally issued certificate was invalid.
For development I overrode WebViewClient according to this answer and was able to get it working. Make sure to remove it before releasing to production to prevent your application from being susceptible to man-in-the-middle attacks.
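For the internal-CA and development-certificate cases asked about on this page, Android's Network Security Configuration lets an app declare its trust anchors instead of disabling certificate checks in code. This is an added example, not taken from any of the posts; the host `internal.example.com` and the resource names `@raw/internal_ca` and `@raw/dev_ca` are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example).
     Referenced from AndroidManifest.xml on the <application> element:
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Default for all hosts: HTTPS only, system CA store only.
         Apps targeting API 24+ ignore user-installed CAs unless they opt in,
         which is why a CA added under Settings can work in Chrome but not in an app. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Internal CA: trusted only for the internal host (hypothetical name).
         res/raw/internal_ca holds the CA certificate in PEM or DER form. -->
    <domain-config>
        <domain includeSubdomains="true">internal.example.com</domain>
        <trust-anchors>
            <certificates src="@raw/internal_ca" />
            <certificates src="system" />
        </trust-anchors>
    </domain-config>

    <!-- Development only: applied when android:debuggable is true,
         so release builds never trust these anchors. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/dev_ca" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

Trust anchors declared this way do not help when the server omits an intermediate certificate from the chain it sends; that has to be corrected in the server configuration.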