I'm using the BouncyCastle provider and Apache HttpClient to trust an SSL certificate, as described by Antoine Hauck here.
The app I've made targets Android 1.5, and works fine on the emulator and a device running 3.0. However, when I try to test it on 2.2 (Galaxy S), an SSLException, "Not trusted Server Certificate", occurs.
Since there are no errors complaining about BouncyCastle itself, I'm assuming the device is not reading the certificates properly from the .bks file. Is what I'm attempting possible using BouncyCastle on Android version 2.2, or does something just need to be altered from the working 3.0 app?
Update
When I tried to run the app again today, it worked correctly the first time. I've tried it several times now, and it sometimes runs properly but sometimes still gets the SSLException. There doesn't seem to be any pattern to when this occurs - it might work a few times in a row and then fail repeatedly.
Could be the provider of the certificate is not trusted; try checking trusted providers.
Related
WebAPI (built with .NET) is hosted on a server and called from iOS and Android apps using HTTPS. No changes have been made in certificates or otherwise. The iOS app works fine, and a web app using the same API works fine, but since this morning all Android apps (running on Android version 5.x or less only) using the API have started crashing with this error.
android.runtime.JavaProxyThrowable: System.AggregateException: One or more errors occurred. ---> System.Net.WebException: Error: TrustFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server.
Checked certificates, certificate chain, everything. No issues. If the certificate is invalid, no other apps should be working, and why all of a sudden? Can someone point to where to look? I searched this site and found a few threads, but their solutions require changes in Android app code. That can't be done (and deployed) so quickly. Why all of a sudden, if someone can throw some light on it. Nothing has even been updated on our test Android devices.
Tested the server through ssllab and handshakes come on Android simulations:
Solved, and the app on those older Android versions works now. I had to disable the COMODO root certificate COMODO RSA Certification Authority with SHA1 key afe5d244a8d1194230ff479fe2f897bbcd7a8cb4 in certificate manager everywhere it was. Apparently Windows Update added this and it was somehow conflicting and causing an intermediate certificate not to be sent from the server (in the second certificate chain; the first chain was OK). Normally, if an intermediate certificate is not sent, clients download it from the issuer, but the Android Mono framework apparently doesn't do that.
Thank you Adm Selec https://community.qualys.com/thread/15295 for the solution.
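The failure described in the answer above (a server that does not send its intermediate certificate, and a client that does not fetch missing issuers) can be reproduced offline with `openssl`. This is an added example, not part of the original posts; the three certificates and all names in them are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed three-level chain: root -> intermediate -> leaf. All names are made up.
make_chain() (
  set -e
  d=$(mktemp -d) && cd "$d"
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: the only certificate in the client's trust store.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
    -subj "/CN=Example Root CA" -days 2 -config ca.cnf -extensions ca_ext >/dev/null 2>&1
  # Intermediate CA, signed by the root.
  openssl req -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
    -subj "/CN=Example Intermediate CA" -config ca.cnf >/dev/null 2>&1
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -out int.pem -days 2 -extfile ca.cnf -extensions ca_ext >/dev/null 2>&1
  # Server (leaf) certificate, signed by the intermediate.
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=api.example.test" -config ca.cnf >/dev/null 2>&1
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -out leaf.pem -days 2 >/dev/null 2>&1
  echo "$d"
)

# Validate the leaf as a client that uses only what the server sent plus its
# own trust store (no fetching of missing issuers).
# $1 = chain directory, $2 = "with" or "without" the intermediate in the handshake
verify_served() {
  if [ "$2" = "with" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}

dir=$(make_chain)
verify_served "$dir" with    && echo "full chain sent: verifies"
verify_served "$dir" without || echo "intermediate missing: verification fails"
rm -rf "$dir"
```

Against a real server, `openssl s_client -connect host:443 -showcerts` lists the certificates actually sent in the handshake, which is what stands in for `int.pem` here.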
I am trying to authenticate my Android application over an HTTPS connection to the server.
I am getting the following exception while trying to authenticate. While looking up a solution, there were lots of suggestions about binding the certificate with the APK, ignoring the certificate validation, etc.
Detailed StackTrace
The problem is, on a few phones and emulators this authentication over HTTPS works perfectly fine. And on my phone as well as in my emulator it doesn't go through. So it looks like it's more of a device issue than a code one.
Has anyone else faced this kind of issue and sorted it out?
The error meaning is: the SSL certificate chain (from the server certificate to a trust anchor in the Root CA store) has been rebuilt by the application but the validation of this chain failed for some reason.
In the stacktrace the underlying error is java.security.NoSuchProviderException: AndroidOpenSSL. It means that the application tries to instantiate a signature validation object with a cryptographic provider which is not present in the Android system. This error makes me think that it may be an Android version issue.
Can you tell us the target API level used to build your application? And what are the versions of the terminals on which the application works and does not work?
So I am running a few automated tests on an android emulator. I have two environments, my development PC running the android emulator, and our testing server running the android emulator. When I open the emulator and the browser app within the emulator, I can navigate to secure websites no problem. (For instance, google mail). However, in my testing server environment, I am seeing certificate errors on sites whose certificates should well be trusted. Is there an emulator configuration option for certificates that I am missing? Does the emulator need to connect to a service to verify the certificates and does not have access?
Ensure that the date and time are set properly on the emulator. An incorrect time setting may well invalidate the certificate because it's not within the validity window.
I developed an Android app on 2.2. I used SOAP web services in my app through HTTPS.
I used SSL certification to access those services. It works fine in version 2.2, but now my client wants it on 2.1. So I changed the version and min SDK levels, but when I run the app in 2.1 it gives me an SSL socket exception. Now in the root folder of my project it is showing version 2.1. Could anyone help me out?
There is a change in Android OS 2.1 to 2.2 that has to do with SSL certificates. But I cannot find the URL right now.
In order to avoid that, you could catch the exception and, on SSLException, you could reconnect to the server with a non-secure connection. Keeping a SharedPreference in case of exception for future use of non-secure connections will avoid double connections all the time.
It's not such an elegant or secure way, but it works for me.
I recently noticed that an application I'm building fails to load properly on Android 2.2 due to an SSL certificate warning:
But it works just fine on Android 2.3. I didn't try any other versions yet. Any ideas what might be going on?
My current hypothesis is that Android 2.2's browser does not load intermediate certificates; can anybody confirm or deny that?