Why are we getting the exception 'javax.net.ssl.SSLException: Not trusted server certificate' when using HTTPS?
When I try to access a URL through HTTPS, I get an exception:
javax.net.ssl.SSLException: Not trusted server certificate Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
I found in some posts on Stack Overflow that it should accept some certificates. Please tell me why the certificate needs to be accepted....
Thanking you in advance....
Certificates are authenticated against a root certification authority, like Verisign or Thawte. Some SSL certificates are provided with a chain of intermediate certificates to validate against, which provide the validation up to one of the top-level certificates. In a case like this, you need to locally import the intermediate certificates as well as the page's certificate. These need to be imported into the local cacerts file. It is the cacerts file under Java; not sure where that will be on Android, but I have seen it linked on here previously.
Also see Adding SSL Certificate to Keystore. I think you need to do a BouncyCastle download.
This may also be more useful for your particular issue: How to create a BKS (BouncyCastle) format Java Keystore that contains a client certificate chain
You have to add the SSL certificate to the keystore, as @mikey pointed out... but if you want to allow all hosts without any checking (allowing all hosts):
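    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Trust manager that accepts every certificate chain without any validation.
    public class _FakeX509TrustManager implements X509TrustManager {
        private static TrustManager[] trustManagers;
        private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};

        // Empty body: no client certificate chain is ever rejected.
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        // Empty body: no server certificate chain is ever rejected.
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public boolean isClientTrusted(X509Certificate[] chain) {
            return true;
        }

        public boolean isServerTrusted(X509Certificate[] chain) {
            return true;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return _AcceptedIssuers;
        }

        // Replaces the JVM-wide defaults used by every HttpsURLConnection:
        // host name checks and certificate checks are both switched off.
        public static void allowAllSSL() {
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true; // any host name is accepted
                }
            });
            if (trustManagers == null) {
                trustManagers = new TrustManager[] { new _FakeX509TrustManager() };
            }
            try {
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, trustManagers, new SecureRandom());
                // Set inside the try block so a failed init cannot cause a NullPointerException.
                HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (KeyManagementException e) {
                e.printStackTrace();
            }
        }
    }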
Call _FakeX509TrustManager.allowAllSSL(); at the beginning of your HTTP method. Hope it helps.