Hello, I hate to cross-post, but I have posted a question here: http://stackoverflow.com/questions/24518570/client-certificate-not-sent-from-android-to-ssl-server
Basically, I am trying to use my own CA, and my own cert signed by that CA to connect to a server that has a cert signed by that same CA. I am unable to get my Android client to send a cert to the server. What am I doing wrong?

I am using an SSL utility class to help manage the keystores. https://github.com/ubergeek42/weechat-android/blob/master/weechat-android/src/main/java/com/ubergeek42/WeechatAndroid/service/SSLHandler.java

My basic idea is that I am loading my CA's cert into a keystore, and then using that keystore to initialize a TrustManagerFactory. I then make another keystore, load in my client-cert, and then initialize a KeyManagerFactory with that store. Finally, I create the socket factory with those trust and key managers:

    sslCertSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(100000);
    sslCertSocketFactory.setKeyManagers(kmf.getKeyManagers());
    sslCertSocketFactory.setTrustManagers(tmf.getTrustManagers());

Now, whenever I use that factory to createSocket(), I get an SSLHandshakeException on the Android client, and the server simply reports the peer did not send a cert. The whole point was to be able to use

    sslCertSocketFactory.setHostname(socket, "mysniname.local");

to set the SNI servername so that my server knows what to do with the incoming connection.

I have been stuck for days, any help is appreciated. If it is possible to produce my end result (the SNI functionality) with something else entirely, I am all ears.

Thanks!
-Derek
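An added diagnostic for the setup described in this message, not code from the post or from the linked SSLHandler class: a keystore entry that holds only a certificate cannot serve as a client identity, so this checks that the keystore handed to the KeyManagerFactory contains a private-key entry whose chain verifies up to the CA. The class name and the four command-line inputs (keystore file, keystore type, password, CA certificate file) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Added diagnostic, not code from the post. All four inputs are supplied by the caller.
public class ClientKeyStoreCheck {
    // True if some alias is a private-key entry whose chain verifies up to caCert.
    static boolean hasUsableClientIdentity(KeyStore ks, X509Certificate caCert) throws Exception {
        boolean usable = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A certificate-only entry cannot serve as a client identity.
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": key entry without a certificate chain");
                continue;
            }
            try {
                // Each certificate must be signed by the next one, the last by the CA.
                for (int i = 0; i < chain.length; i++) {
                    Certificate issuer = (i + 1 < chain.length) ? chain[i + 1] : caCert;
                    chain[i].verify(issuer.getPublicKey());
                }
                System.out.println(alias + ": private key present, chain verifies to the CA");
                usable = true;
            } catch (GeneralSecurityException e) {
                System.out.println(alias + ": chain does not verify to the CA: " + e.getMessage());
            }
        }
        return usable;
    }

    // Usage: java ClientKeyStoreCheck <keystore> <type, e.g. PKCS12> <password> <CA cert>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[3])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(hasUsableClientIdentity(ks, ca) ? "usable identity" : "no usable identity");
    }
}
```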
