Https problem: Trust anchor for certification path not found

zufarfakhurtdinov · October 11, 2016, 9:31am

Hi! When I trying to use https requests it failed with “java.security.cert.CertPathValidatorException: Trust anchor for certification path not found”

gist.github.com

https://gist.github.com/zufarfakhurtdinov/fe4b00fae35d633d5b3452d118597049

gistfile1.txt


javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:344)
	at com.android.okhttp.Connection.connectTls(Connection.java:235)
	at com.android.okhttp.Connection.connectSocket(Connection.java:199)
	at com.android.okhttp.Connection.connect(Connection.java:172)
	at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
	at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)

This file has been truncated. show original

How can I fix that?
jvm, android, robovm, gwt work well with that server (and we use same http-related code for all that platforms).

kisg · October 11, 2016, 5:58pm

Hi Zufar,

do you have the SSL certificates included in your project like in the RssReader sample?

Best Regards,
Gergely

zufarfakhurtdinov · October 12, 2016, 2:24pm

How I can get that certificates? Should I just copy files from example to my project magic dir “android_root/etc/security/cacerts”?

kisg · October 12, 2016, 6:07pm

For now, yes.

I created an issue for this on GitHub, so it will be included in the SDK by default.

zufarfakhurtdinov · October 25, 2016, 9:15am

Is it fixed? I see milestone 1.2.3 but issue state is open.

liliomk · October 25, 2016, 1:11pm

Dear zufarfakhurtdinov,

we had to postpone it to MOE 1.3.0 because it required more changes than we anticipated.

jtommy · November 30, 2016, 6:12pm

Hi,
i have same problem with android studio 2.2 (mac)
I copied the certificate files (from rss reaader example) to my folder my myproject/ios/src/main/resources/android_root/etc/security/cacerts but i have that exception.
What am i forgetting ?

Thanks

saeed · April 4, 2017, 11:57am

Dear friends,

i implement all service’s by using retrofit library for this issue.
how ever i have not any problem.

test it ->

public class ServiceGeneratorCollege {

    public static String PREF_COOKIES = "pref_cookies";

    private static OkHttpClient.Builder httpClient = new OkHttpClient.Builder();

    private static Retrofit.Builder builder;

    public static <S> S createService(Class<S> serviceClass) {
        return createService(serviceClass, null);
    }

    public static <S> S createService(Class<S> serviceClass, final HashMap<String, String> headers) {

        builder = new Retrofit.Builder()
                .baseUrl("your service address")
                .addConverterFactory(GsonConverterFactory.create());

        httpClient.sslSocketFactory(getSSLSocketFactory());
        httpClient.hostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        OkHttpClient client = httpClient.build();
        Retrofit retrofit = builder.client(client).build();
        return retrofit.create(serviceClass);
    }

    private static SSLSocketFactory getSSLSocketFactory() {
        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return new java.security.cert.X509Certificate[]{};
                        }
                    }
            };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

            return sslSocketFactory;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            return null;
        }

    }
}

mohammad_reza_armagh · August 29, 2017, 8:30am

very thanks.
This code solves my problem.

Shivam_Ratan · September 13, 2017, 8:51am

Thanks ! It also worked for me

Imtiaz_Hossain · February 23, 2018, 10:52am

Thanks. It worked

tejaswi_more · May 23, 2018, 5:52am

someone please tell me where to place this code as I am getting same error in my app.

Kyaw_San_Oo · July 3, 2018, 10:58am

Thanks, it works absolutely.

Johns_Joseph · September 27, 2018, 8:31am

Can u send the serviceClass code