Getting javax.net.ssl.SSLException: Not trusted server certificate in Android

Question

I was doing a SOAP request for a http link using the following code

private String SOAPServiceCall(String url, String envelopeString) {


    final DefaultHttpClient httpClient = new DefaultHttpClient();
    // request parameters
    HttpParams params = httpClient.getParams();
    HttpConnectionParams.setConnectionTimeout(params, 50000);
    HttpConnectionParams.setSoTimeout(params, 55000);
    // set parameter
    HttpProtocolParams.setUseExpectContinue(httpClient.getParams(), true);

    // POST the envelope
    HttpPost httppost = new HttpPost(url);
    // add headers
    // httppost.setHeader("soapaction", soapAction);
    httppost.setHeader("Content-Type", "text/xml; charset=utf-8");

    String responseString = "";
    try {

        HttpEntity entity = new StringEntity(envelopeString);
        httppost.setEntity(entity);

        // Response handler
        ResponseHandler<String> rh = new ResponseHandler<String>() {
            // invoked when client receives response
            public String handleResponse(HttpResponse response)
                    throws ClientProtocolException, IOException {

                // get response entity
                HttpEntity entity = response.getEntity();

                // read the response as byte array
                StringBuffer out = new StringBuffer();
                byte[] b = EntityUtils.toByteArray(entity);

                // write the response byte array to a string buffer
                out.append(new String(b, 0, b.length));
                return out.toString();
            }
        };

        responseString = httpClient.execute(httppost, rh);

    } catch (Exception e) {
        e.printStackTrace();
    }

    // close the connection
    httpClient.getConnectionManager().shutdown();

    return responseString;

}

Everything worked fine. But now my client has changed from http to https, so I used the following code:

private String SOAPServiceCall(String url, String envelopeString) {


    StringBuffer buffer = null;
    try {
        URL address=new URL(url);
        URLConnection connection=address.openConnection();
        HttpsURLConnection post=(HttpsURLConnection)connection;
        post.setDoInput(true);
        post.setDoOutput(true);
        post.setRequestMethod("POST");
        //post.setRequestProperty("SOAPAction", soapAction);
        post.setRequestProperty( "Content-type", "text/xml; charset=utf-8" );
        post.setRequestProperty( "Content-Length", String.valueOf(envelopeString.length()));
        post.setReadTimeout(4000);

        OutputStream outStream=post.getOutputStream();
        Writer out=new OutputStreamWriter(outStream);
        out.write(envelopeString);
        out.flush();
        out.close();

        InputStream inStream = post.getInputStream();
        BufferedInputStream in = new BufferedInputStream(inStream,4);
        buffer = new StringBuffer();
        // read 4 bytes a time
        byte[] buffArray=new byte[4];
        int c=0;
            while((c=in.read(buffArray))!=-1){
                for(int i=0;i<c;i++)
                    buffer.append((char)buffArray[i]);
            }

    return buffer.toString();
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (ProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }

    return null;
}

I am using this code from the this link.

Now I am getting:

06-23 17:30:26.879: W/System.err(2168): javax.net.ssl.SSLException: Not trusted server certificate
06-23 17:30:26.889: W/System.err(2168):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
06-23 17:30:26.889: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.getSecureSocket(HttpConnection.java:168)
06-23 17:30:26.899: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:399)
06-23 17:30:26.899: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.sendRequest(HttpURLConnectionImpl.java:1325)
06-23 17:30:26.909: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.doRequestInternal(HttpURLConnectionImpl.java:1656)
06-23 17:30:26.909: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.doRequest(HttpURLConnectionImpl.java:1649)
06-23 17:30:26.909: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:1248)
06-23 17:30:26.919: W/System.err(2168):     at org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:263)
06-23 17:30:26.919: W/System.err(2168):     at org.apis.SOAPRequest.SOAPServiceCall(SOAPRequest.java:184)
06-23 17:30:26.929: W/System.err(2168):     at org.apis.SOAPRequest.retrieveSessionId(SOAPRequest.java:125)
06-23 17:30:26.929: W/System.err(2168):     at org.activity.LoginPage$FetchSessionIDTask.doInBackground(LoginPage.java:76)
06-23 17:30:26.929: W/System.err(2168):     at org.activity.LoginPage$FetchSessionIDTask.doInBackground(LoginPage.java:1)
06-23 17:30:26.929: W/System.err(2168):     at android.os.AsyncTask$2.call(AsyncTask.java:185)
06-23 17:30:26.929: W/System.err(2168):     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
06-23 17:30:26.929: W/System.err(2168):     at java.util.concurrent.FutureTask.run(FutureTask.java:137)
06-23 17:30:26.929: W/System.err(2168):     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
06-23 17:30:26.929: W/System.err(2168):     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
06-23 17:30:26.939: W/System.err(2168):     at java.lang.Thread.run(Thread.java:1102)
06-23 17:30:26.939: W/System.err(2168): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
06-23 17:30:26.939: W/System.err(2168):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
06-23 17:30:26.939: W/System.err(2168):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
06-23 17:30:26.939: W/System.err(2168):     ... 17 more
06-23 17:30:26.939: W/System.err(2168): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
06-23 17:30:26.949: W/System.err(2168):     at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
06-23 17:30:26.949: W/System.err(2168):     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
06-23 17:30:26.949: W/System.err(2168):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
06-23 17:30:26.949: W/System.err(2168):     ... 18 more

So I googled and found these links:

link 1
link 2
link 3
link 4
link 5
link 6
link 7 (good one.. but not for beginners)
link 8
link 9
link 10

and much more.

But I am not able to fix this issue; I am very much confused about this now and I don't know where to start from and which is the right way.

I did not try the keystroke methods as it needed some certificate, which I have no idea what it is. I found from the exception that its looking for some trusted certificate

Where should I start from and what approach to take, and what is that certificate, how will I download it, etc?

score 3 · Answer 1 · answered Aug 25 '12 at 20:46

Let me know if this works for you.. In your SOAPServiceCall() method add this,

trustAllHosts();
 HttpsURLConnection post = (HttpsURLConnection) url.openConnection();
 https.setHostnameVerifier(DO_NOT_VERIFY);


and add these methods,
// always verify the host - dont check for certificate
final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
                return true;
        }
};

/**
 * Trust every server - dont check for any certificate
 */
private static void trustAllHosts() {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return new java.security.cert.X509Certificate[] {};
                }

                public void checkClientTrusted(X509Certificate[] chain,
                                String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain,
                                String authType) throws CertificateException {
                }
        } };

        // Install the all-trusting trust manager
        try {
                SSLContext sc = SSLContext.getInstance("TLS");
                sc.init(null, trustAllCerts, new java.security.SecureRandom());
                HttpsURLConnection
                                .setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
                e.printStackTrace();
        }
}

Reference:http://stackoverflow.com/questions/995514/https-connection-android#1000205

Getting javax.net.ssl.SSLException: Not trusted server certificate in Android

1 Answers1