
Android SSL error: certificate not trusted

In the app I'm working on, I have to make an HTTPS connection to my web server, which uses a self-signed certificate. I was getting certificate not trusted errors and after consulting SO, I found this blog posting: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/

I created a JKS keystore for my Tomcat running on my local machine using keytool with the following command:

 keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

And I extracted the certificate from that JKS keystore in DER-encoded format using an open source tool called Portecle.

And then I created a new BKS keystore with the above certificate using the same Portecle tool, as Android has built-in support for the Bouncy Castle provider.

Now if I make an HTTP POST as shown in the first URL, I am getting the following exception in the logcat.

WARN/System.err(498): javax.net.ssl.SSLException: Not trusted server certificate
WARN/System.err(498):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
WARN/System.err(498):     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
WARN/System.err(498):     at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
WARN/System.err(498):     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
WARN/System.err(498):     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
WARN/System.err(498):     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
WARN/System.err(498):     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
WARN/System.err(498):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
WARN/System.err(498):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
WARN/System.err(498):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
WARN/System.err(498):     at com.portal.activity.Registration$ProgressThread.run(Registration.java:324)
WARN/System.err(498): Caused by: java.security.cert.CertificateException: java.security.InvalidAlgorithmParameterException: the trust anchors set is empty
WARN/System.err(498):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:151)
WARN/System.err(498):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
WARN/System.err(498):     ... 10 more
WARN/System.err(498): Caused by: java.security.InvalidAlgorithmParameterException: the trust anchors set is empty
WARN/System.err(498):     at java.security.cert.PKIXParameters.checkTrustAnchors(PKIXParameters.java:611)
WARN/System.err(498):     at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:86)
WARN/System.err(498):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.<init>(TrustManagerImpl.java:82)
WARN/System.err(498):     at org.apache.harmony.xnet.provider.jsse.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:132)
WARN/System.err(498):     at javax.net.ssl.TrustManagerFactory.getTrustManagers(TrustManagerFactory.java:226)
WARN/System.err(498):     at org.apache.http.conn.ssl.SSLSocketFactory.createTrustManagers(SSLSocketFactory.java:263)
WARN/System.err(498):     at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:190)
WARN/System.err(498):     at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:216)
WARN/System.err(498):     at com.portal.httpclient.MyHttpClient.newSslSocketFactory(MyHttpClient.java:51)
WARN/System.err(498):     at com.portal.httpclient.MyHttpClient.createClientConnectionManager(MyHttpClient.java:31)
WARN/System.err(498):     at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:221)
WARN/System.err(498):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:539)
WARN/System.err(498):     ... 3 more

My HttpClient is the same as in the first URL except that the ports for http and https are changed to 8080 and 8443 instead of 80 and 443 respectively.

Please help.


You can find instructions for using custom truststores with Android here: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

Briefly:

  • Get the public cert for the server
  • Create a BKS truststore with that certificate
  • Create and use a custom HttpClient for your post

Sounds like you've done the top two but not the bottom step.

Also, did Portecle use the correct flags? You need the trustcacerts flag when creating the BKS store or it won't work.
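
The stack trace in the question ends in "the trust anchors set is empty", which is what PKIX validation reports when the keystore handed to the socket factory contains no trusted-certificate entries. As an added example (not code from the question, the answer, or the linked blog posts), the following uses only standard `java.security` and `javax.net.ssl` calls to check a truststore for that condition before building a TLS context that trusts only its contents; the class name, method names and placeholder password are assumptions.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {
    // Only trusted-certificate entries become PKIX trust anchors; key entries do not.
    static int countTrustAnchors(KeyStore ks) throws KeyStoreException {
        int n = 0;
        for (String alias : Collections.list(ks.aliases()))
            if (ks.isCertificateEntry(alias)) n++;
        return n;
    }

    // Load the store, reject it if it has no anchors, then trust only its contents.
    static SSLContext trustOnly(InputStream in, String type, char[] pass)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type); // "BKS" on Android
        ks.load(in, pass);
        if (countTrustAnchors(ks) == 0)
            throw new KeyStoreException("no trusted-certificate entries among "
                    + ks.size() + " entries; import the server cert as a trusted cert");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // platform CA set is not consulted
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty store serialized in memory stands in for a bad file.
        char[] pass = "changeit".toCharArray(); // placeholder password
        String type = KeyStore.getDefaultType();
        KeyStore empty = KeyStore.getInstance(type);
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pass);
        try {
            trustOnly(new ByteArrayInputStream(out.toByteArray()), type, pass);
        } catch (KeyStoreException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In an app, the stream would come from the bundled BKS file rather than an in-memory store, and the hostname in the self-signed certificate still has to match the host being contacted.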


I stopped using Portecle and did everything using the command line.

I am using just keytool for doing everything, as shown in the URL of my question.

It worked for me.
