开发者

wrong version keystore when doing https call

Hello fellow android coders.

I'm trying to do a https secure call from my android code. The call goe开发者_如何学Gos fine on the emulator but on the actual Samsung Galaxy device I get a SSL error.

I used crazy bobs method for handling the cetificate. Here is crazy bobs link: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html.

Problem is I get an error: "wrong version of keystore" inside the custom SSLSocketFactory object.

Any suggestions on what to do to fix this? Thanks.


Did you create your keystore with the Bouncy Castle format? All these 3 parameters are mandatory when creating the keystore with keytool (and especially the keystore type must be BKS):

  -storetype BKS
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider
  -providerpath /path/to/bouncycastle.jar

Android uses version 1.46 of bouncycastle, make sure you use this version when creating your keystore Version 1.46 is found here


In case anyone stumbles upon this and @Jcs excellent answer does not solve it: I experienced exactly the same issues, and it turned out I didn't install the SSL certificates on my web server correctly. I got the idea when using digicert's SSL testing tool: My certificate provider used the common practice of signing server certificates with an intermediate CA. After installing the certificate chain (which links the issuer's intermediate CA to their root CA), everything worked fine.


An easy alternative is to use Portecle to generate the BKS:

  1. Download Boucycastle Provider 1.46
  2. Replace bcprov.jar in your Portecle install directory (example: C:\Program Files (x86)\Portecle\bcprov.jar). Same naming is required.
  3. Restart Portecle and generate your BKS truststore.

Remark: For me the issue was on Android 4.0.3 and that fixed it.

More explanations here.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜