In the app I'm working on, I have to make an HTTPS connection to my web server which uses self signed certificate. I was getting certificate not trusted errors and after consulting SO, I found this blog posting: http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/
I created a JKS keystore for my tomcat running on my local machine using Keytool with following command
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
And i extracted certificate from that JKS keystore in DER Encoded format using a open source tool called portecle
And then i created a new BKS KeyStore with the above certificate using the same portecle tool as android has built support for Bouncy Castle provider.
Now if i make a http post as shown in the first URL, I am get开发者_Go百科ting the following exception in the logcat.
WARN/System.err(498): javax.net.ssl.SSLException: Not trusted server certificate
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
WARN/System.err(498): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
WARN/System.err(498): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
WARN/System.err(498): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
WARN/System.err(498): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
WARN/System.err(498): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
WARN/System.err(498): at com.portal.activity.Registration$ProgressThread.run(Registration.java:324)
WARN/System.err(498): Caused by: java.security.cert.CertificateException: java.security.InvalidAlgorithmParameterException: the trust anchors set is empty
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:151)
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
WARN/System.err(498): ... 10 more
WARN/System.err(498): Caused by: java.security.InvalidAlgorithmParameterException: the trust anchors set is empty
WARN/System.err(498): at java.security.cert.PKIXParameters.checkTrustAnchors(PKIXParameters.java:611)
WARN/System.err(498): at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:86)
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.<init>(TrustManagerImpl.java:82)
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:132)
WARN/System.err(498): at javax.net.ssl.TrustManagerFactory.getTrustManagers(TrustManagerFactory.java:226)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.createTrustManagers(SSLSocketFactory.java:263)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:190)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:216)
WARN/System.err(498): at com.portal.httpclient.MyHttpClient.newSslSocketFactory(MyHttpClient.java:51)
WARN/System.err(498): at com.portal.httpclient.MyHttpClient.createClientConnectionManager(MyHttpClient.java:31)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:221)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:539)
WARN/System.err(498): ... 3 more
My HttpClient is same as in the first URL except that ports for http and https are changed to 8080 and 8443 instead of 80 and 443 respectively.
Please help.
You can find instructions for using custom truststores with Android here http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html
Briefly:
- Get the public cert for the server
- Create a BKS truststore with that certificate
- Create and use a custom HttpClient for your post
Sounds like you've done the top two but not the bottom step.
Also, did Portecle use the correct flags? You need the trustcacerts flag when creating the BKS store or it won't work.
I stopped using portecle and did everything using commandline
i am using just keytool for doing everything as shown in the URL of my question.
It worked for me.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论