[android-developers] Re: SSLException: Not trusted server certificate

2010-08-31 Thread gcstang
You're welcome. You may also want this if you plan on targeting
devices with Android prior to 2.2.

Add this line before you start initializing anything (this bug is
documented in the forum but not easy to find; otherwise you see that
every other response will not be returned properly. It doesn't hurt to
leave it for all versions):

System.setProperty("http.keepAlive", "false");

On Aug 30, 1:49 am, Ajay  wrote:
> Thanks a lot. This worked!!
>
> I had to change my implementation to use HttpsURLConnection, and could
> not keep my earlier implementation using DefaultHttpClient. Well, I
> think as long as it works, it should not make any difference I guess.
>
> Thank you,
> AJ
>
> On Aug 25, 6:02 pm, gcstang  wrote:
>
> > See my post here :
>
> >http://groups.google.com/group/android-developers/browse_thread/threa...
>
> > On Aug 24, 2:48 am,Ajay wrote:
>
> > > Hi,
>
> > > Since my app is going to access our own servers, I think I can use the
> > > hack of trusting all certificates. I tried the following & still
> > > fails :-(
>
> > > SchemeRegistry schemeRegistry = new SchemeRegistry();
> > > SSLSocketFactory sslSocketFactory =
> > > SSLSocketFactory.getSocketFactory();
>
> > > sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> > > schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
>
> > > ClientConnectionManager manager = new
> > > ThreadSafeClientConnManager(httpParam, schemeRegistry);
> > > DefaultHttpClient client = new DefaultHttpClient(manager, httpParam);
>
> > > Thank you,
> > > AJ
>
> > > On Aug 22, 12:10 am, Bob Kerns  wrote:
>
> > > > The CA root certificates have very long expiration dates, so this is
> > > > much less of a problem than you may assume.
>
> > > > It's still an issue -- CA certs could possibly be revoked in the event
> > > > of a vulnerability or theft. But those are relatively remote
> > > > possibilities, beyond what most phone apps would need to consider.
>
> > > > On Aug 21, 9:16 am, DanH  wrote:
>
> > > > > The current cert may only be good for another 6-12 months.  And if the
> > > > > site isn't directly under the control of the app developer, the cert
> > > > > may change at any time, and may even be changed to use a different
> > > > > root.
>
> > > > > There's probably no good solution to this problem, but the best I can
> > > > > think of is to embed another app in your app that simply installs the
> > > > > necessary cert(s), then have a way for that app to be updated as
> > > > > needed.
>
> > > > > > On Aug 21, 7:09 am, Kostya Vasilyev wrote:
>
> > > > > > > Right, it does. If the site in question is part of the phone
> > > > > > > application's infrastructure, I personally would find it acceptable.
>
> > > > > > > --
> > > > > > > Kostya Vasilyev -- http://kmansoft.wordpress.com
>
> > > > > > > 21.08.2010 16:06 user "DanH" wrote:
>
> > > > > > > That assumes that the web site's cert won't change for the life of
> > > > > > > the app.
>
> > > > > > > On Aug 21, 3:18 am, Kostya Vasilyev wrote:
>
> > > > > > > > Ajay,
>
> > > > > > > > A more cryptographically correct solution would be to install the
> > > > > > > > missing certificate pieces wit...

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-30 Thread Kumar Bibek
Regarding the validity, just handle the situation when a certificate
exception is raised, and add it again. If the certificate changes,
then any communication with the server is bound to throw a certificate
exception.

-Kumar Bibek
http://techdroid.kbeanie.com

On Aug 30, 11:49 am, Ajay  wrote:
> Thanks a lot. This worked!!
>
> I had to change my implementation to use HttpsURLConnection, and could
> not keep my earlier implementation using DefaultHttpClient. Well, I
> think as long as it works, it should not make any difference I guess.
>
> Thank you,
> AJ
>
> On Aug 25, 6:02 pm, gcstang  wrote:
>
> > See my post here :
>
> >http://groups.google.com/group/android-developers/browse_thread/threa...
>
> > On Aug 24, 2:48 am,Ajay wrote:
>
> > > Hi,
>
> > > Since my app is going to access our own servers, I think I can use the
> > > hack of trusting all certificates. I tried the following & still
> > > fails :-(
>
> > > SchemeRegistry schemeRegistry = new SchemeRegistry();
> > > SSLSocketFactory sslSocketFactory =
> > > SSLSocketFactory.getSocketFactory();
>
> > > sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> > > schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
>
> > > ClientConnectionManager manager = new
> > > ThreadSafeClientConnManager(httpParam, schemeRegistry);
> > > DefaultHttpClient client = new DefaultHttpClient(manager, httpParam);
>
> > > Thank you,
> > > AJ
>
> > > On Aug 22, 12:10 am, Bob Kerns  wrote:
>
> > > > The CA root certificates have very long expiration dates, so this is
> > > > much less of a problem than you may assume.
>
> > > > It's still an issue -- CA certs could possibly be revoked in the event
> > > > of a vulnerability or theft. But those are relatively remote
> > > > possibilities, beyond what most phone apps would need to consider.
>
> > > > On Aug 21, 9:16 am, DanH  wrote:
>
> > > > > The current cert may only be good for another 6-12 months.  And if the
> > > > > site isn't directly under the control of the app developer, the cert
> > > > > may change at any time, and may even be changed to use a different
> > > > > root.
>
> > > > > There's probably no good solution to this problem, but the best I can
> > > > > think of is to embed another app in your app that simply installs the
> > > > > necessary cert(s), then have a way for that app to be updated as
> > > > > needed.
>
> > > > > > On Aug 21, 7:09 am, Kostya Vasilyev wrote:
>
> > > > > > > Right, it does. If the site in question is part of the phone
> > > > > > > application's infrastructure, I personally would find it acceptable.
>
> > > > > > > --
> > > > > > > Kostya Vasilyev -- http://kmansoft.wordpress.com
>
> > > > > > > 21.08.2010 16:06 user "DanH" wrote:
>
> > > > > > > That assumes that the web site's cert won't change for the life of
> > > > > > > the app.
>
> > > > > > > On Aug 21, 3:18 am, Kostya Vasilyev wrote:
>
> > > > > > > > Ajay,
>
> > > > > > > > A more cryptographically correct solution would be to install the
> > > > > > > > missing certificate pieces wit...


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-29 Thread Ajay
Thanks a lot. This worked!!

I had to change my implementation to use HttpsURLConnection, and could
not keep my earlier implementation using DefaultHttpClient. Well, I
think as long as it works, it should not make any difference I guess.

Thank you,
AJ

On Aug 25, 6:02 pm, gcstang  wrote:
> See my post here :
>
> http://groups.google.com/group/android-developers/browse_thread/threa...
>
> On Aug 24, 2:48 am,Ajay wrote:
>
> > Hi,
>
> > Since my app is going to access our own servers, I think I can use the
> > hack of trusting all certificates. I tried the following & still
> > fails :-(
>
> > SchemeRegistry schemeRegistry = new SchemeRegistry();
> > SSLSocketFactory sslSocketFactory =
> > SSLSocketFactory.getSocketFactory();
>
> > sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> > schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
>
> > ClientConnectionManager manager = new
> > ThreadSafeClientConnManager(httpParam, schemeRegistry);
> > DefaultHttpClient client = new DefaultHttpClient(manager, httpParam);
>
> > Thank you,
> > AJ
>
> > On Aug 22, 12:10 am, Bob Kerns  wrote:
>
> > > The CA root certificates have very long expiration dates, so this is
> > > much less of a problem than you may assume.
>
> > > It's still an issue -- CA certs could possibly be revoked in the event
> > > of a vulnerability or theft. But those are relatively remote
> > > possibilities, beyond what most phone apps would need to consider.
>
> > > On Aug 21, 9:16 am, DanH  wrote:
>
> > > > The current cert may only be good for another 6-12 months.  And if the
> > > > site isn't directly under the control of the app developer, the cert
> > > > may change at any time, and may even be changed to use a different
> > > > root.
>
> > > > There's probably no good solution to this problem, but the best I can
> > > > think of is to embed another app in your app that simply installs the
> > > > necessary cert(s), then have a way for that app to be updated as
> > > > needed.
>
> > > > > On Aug 21, 7:09 am, Kostya Vasilyev wrote:
>
> > > > > > Right, it does. If the site in question is part of the phone
> > > > > > application's infrastructure, I personally would find it acceptable.
>
> > > > > > --
> > > > > > Kostya Vasilyev -- http://kmansoft.wordpress.com
>
> > > > > > 21.08.2010 16:06 user "DanH" wrote:
>
> > > > > > That assumes that the web site's cert won't change for the life of the
> > > > > > app.
>
> > > > > > On Aug 21, 3:18 am, Kostya Vasilyev wrote:
>
> > > > > > > Ajay,
>
> > > > > > > A more cryptographically correct solution would be to install the
> > > > > > > missing certificate pieces wit...


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-25 Thread gcstang
See my post here :

http://groups.google.com/group/android-developers/browse_thread/thread/62d856cdcfa9f16e/dd59b1998d23a660?lnk=gst&q=SSL+fake+cert#dd59b1998d23a660


On Aug 24, 2:48 am, Ajay  wrote:
> Hi,
>
> Since my app is going to access our own servers, I think I can use the
> hack of trusting all certificates. I tried the following & still
> fails :-(
>
> SchemeRegistry schemeRegistry = new SchemeRegistry();
> SSLSocketFactory sslSocketFactory =
> SSLSocketFactory.getSocketFactory();
>
> sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
>
> ClientConnectionManager manager = new
> ThreadSafeClientConnManager(httpParam, schemeRegistry);
> DefaultHttpClient client = new DefaultHttpClient(manager, httpParam);
>
> Thank you,
> AJ
>
> On Aug 22, 12:10 am, Bob Kerns  wrote:
>
> > The CA root certificates have very long expiration dates, so this is
> > much less of a problem than you may assume.
>
> > It's still an issue -- CA certs could possibly be revoked in the event
> > of a vulnerability or theft. But those are relatively remote
> > possibilities, beyond what most phone apps would need to consider.
>
> > On Aug 21, 9:16 am, DanH  wrote:
>
> > > The current cert may only be good for another 6-12 months.  And if the
> > > site isn't directly under the control of the app developer, the cert
> > > may change at any time, and may even be changed to use a different
> > > root.
>
> > > There's probably no good solution to this problem, but the best I can
> > > think of is to embed another app in your app that simply installs the
> > > necessary cert(s), then have a way for that app to be updated as
> > > needed.
>
> > > > On Aug 21, 7:09 am, Kostya Vasilyev wrote:
>
> > > > > Right, it does. If the site in question is part of the phone
> > > > > application's infrastructure, I personally would find it acceptable.
>
> > > > > --
> > > > > Kostya Vasilyev -- http://kmansoft.wordpress.com
>
> > > > > 21.08.2010 16:06 user "DanH" wrote:
>
> > > > > That assumes that the web site's cert won't change for the life of the
> > > > > app.
>
> > > > > On Aug 21, 3:18 am, Kostya Vasilyev wrote:
>
> > > > > > Ajay,
>
> > > > > > A more cryptographically correct solution would be to install the
> > > > > > missing certificate pieces wit...


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-24 Thread DanH
The roots tend to have long dates, but not the app certs.  So you'd
want to ship the root cert if you ship something, I guess.

Seems to me it would make sense, though, to have "unusual" root certs
in the store, so they could be downloaded from a trusted source.

(We ran into this same problem on a Symbian platform -- several of
Thawte's certs are not installed on the phones from the factory.)

On Aug 21, 2:10 pm, Bob Kerns  wrote:
> The CA root certificates have very long expiration dates, so this is
> much less of a problem than you may assume.
>
> It's still an issue -- CA certs could possibly be revoked in the event
> of a vulnerability or theft. But those are relatively remote
> possibilities, beyond what most phone apps would need to consider.
>
> On Aug 21, 9:16 am, DanH  wrote:
>
> > The current cert may only be good for another 6-12 months.  And if the
> > site isn't directly under the control of the app developer, the cert
> > may change at any time, and may even be changed to use a different
> > root.
>
> > There's probably no good solution to this problem, but the best I can
> > think of is to embed another app in your app that simply installs the
> > necessary cert(s), then have a way for that app to be updated as
> > needed.
>
> > On Aug 21, 7:09šam, Kostya Vasilyev  wrote:
>
> > > Right, it does. If the site in question is part of the phone application's
> > > infrastructure, I personally would find it acceptable.
>
> > > --
> > > Kostya Vasilyev --http://kmansoft.wordpress.com
>
> > > 21.08.2010 16:06 ÐÏÌØÚÏ×ÁÔÅÌØ "DanH"  ÎÁÐÉÓÁÌ:
>
> > > That assumes that the web site's cert won't change for the life of the
> > > app.
>
> > > On Aug 21, 3:18 am, Kostya Vasilyev  wrote:
>
> > > > š Ajay,
>
> > > > A more cryptographically correct solution would be to install the
> > > > missing Óertfiicate pieces wit...


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-24 Thread Ajay
Hi,

Since my app is going to access our own servers, I think I can use the
hack of trusting all certificates. I tried the following & still
fails :-(

SchemeRegistry schemeRegistry = new SchemeRegistry();
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();

sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));

ClientConnectionManager manager = new
ThreadSafeClientConnManager(httpParam, schemeRegistry);
DefaultHttpClient client = new DefaultHttpClient(manager, httpParam);


Thank you,
AJ

On Aug 22, 12:10 am, Bob Kerns  wrote:
> The CA root certificates have very long expiration dates, so this is
> much less of a problem than you may assume.
>
> It's still an issue -- CA certs could possibly be revoked in the event
> of a vulnerability or theft. But those are relatively remote
> possibilities, beyond what most phone apps would need to consider.
>
> On Aug 21, 9:16 am, DanH  wrote:
>
> > The current cert may only be good for another 6-12 months.  And if the
> > site isn't directly under the control of the app developer, the cert
> > may change at any time, and may even be changed to use a different
> > root.
>
> > There's probably no good solution to this problem, but the best I can
> > think of is to embed another app in your app that simply installs the
> > necessary cert(s), then have a way for that app to be updated as
> > needed.
>
> > On Aug 21, 7:09šam, Kostya Vasilyev  wrote:
>
> > > Right, it does. If the site in question is part of the phone application's
> > > infrastructure, I personally would find it acceptable.
>
> > > --
> > > Kostya Vasilyev --http://kmansoft.wordpress.com
>
> > > 21.08.2010 16:06 ÐÏÌØÚÏ×ÁÔÅÌØ "DanH"  ÎÁÐÉÓÁÌ:
>
> > > That assumes that the web site's cert won't change for the life of the
> > > app.
>
> > > On Aug 21, 3:18 am, Kostya Vasilyev  wrote:
>
> > > > šAjay,
>
> > > > A more cryptographically correct solution would be to install the
> > > > missing Óertfiicate pieces wit...
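
The alternative to trusting every certificate that Kostya Vasilyev suggests in this thread (ship the site's or the issuing CA's certificate inside the app) looks roughly like this with HttpsURLConnection. This is an added example, not code from any poster in the thread; the class name BundledCaClient, its method names, and the certificate file and URL given on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

// Added example: trust only a CA certificate shipped with the app.
// BundledCaClient and its method names are hypothetical; the certificate
// file and URL come from the command line (on Android the stream would
// come from an app resource instead of a file).
public class BundledCaClient {

    // Build a trust store that contains only the bundled certificate(s).
    static KeyStore trustStoreFrom(InputStream pemOrDer) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // empty store: none of the platform roots
        int count = 0;
        for (Certificate c : cf.generateCertificates(pemOrDer)) {
            X509Certificate cert = (X509Certificate) c;
            cert.checkValidity(); // refuse an expired or not-yet-valid bundle
            store.setCertificateEntry("bundled-" + count++, cert);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificate found in bundle");
        }
        return store;
    }

    // TLS context whose trust decisions use only the given store.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Open the URL with per-connection trust settings. The default
    // HostnameVerifier stays in place: replacing it (as with
    // ALLOW_ALL_HOSTNAME_VERIFIER) changes name matching only and does not
    // make an unknown issuer trusted.
    static int fetchStatus(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: BundledCaClient <ca-cert.pem> <https-url>");
            return;
        }
        KeyStore store;
        try (InputStream in = new FileInputStream(args[0])) {
            store = trustStoreFrom(in);
        }
        try {
            int status = fetchStatus(new URL(args[1]), contextFor(store));
            System.out.println("HTTP " + status);
        } catch (SSLException e) {
            // Chain does not lead to the bundled CA, or the host name does
            // not match: fail closed instead of falling back to trust-all.
            System.err.println("TLS verification failed: " + e.getMessage());
        }
    }
}
```

If the server later moves to a certificate issued under a different root, as DanH warns elsewhere in the thread, this client fails the handshake until an updated bundle ships.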


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-21 Thread Bob Kerns
The CA root certificates have very long expiration dates, so this is
much less of a problem than you may assume.

It's still an issue -- CA certs could possibly be revoked in the event
of a vulnerability or theft. But those are relatively remote
possibilities, beyond what most phone apps would need to consider.

On Aug 21, 9:16 am, DanH  wrote:
> The current cert may only be good for another 6-12 months.  And if the
> site isn't directly under the control of the app developer, the cert
> may change at any time, and may even be changed to use a different
> root.
>
> There's probably no good solution to this problem, but the best I can
> think of is to embed another app in your app that simply installs the
> necessary cert(s), then have a way for that app to be updated as
> needed.
>
> On Aug 21, 7:09 am, Kostya Vasilyev wrote:
>
> > Right, it does. If the site in question is part of the phone application's
> > infrastructure, I personally would find it acceptable.
>
> > --
> > Kostya Vasilyev -- http://kmansoft.wordpress.com
>
> > 21.08.2010 16:06 user "DanH" wrote:
>
> > That assumes that the web site's cert won't change for the life of the
> > app.
>
> > On Aug 21, 3:18 am, Kostya Vasilyev wrote:
>
> > > Ajay,
>
> > > A more cryptographically correct solution would be to install the
> > > missing certificate pieces wit...


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-21 Thread DanH
The current cert may only be good for another 6-12 months.  And if the
site isn't directly under the control of the app developer, the cert
may change at any time, and may even be changed to use a different
root.

There's probably no good solution to this problem, but the best I can
think of is to embed another app in your app that simply installs the
necessary cert(s), then have a way for that app to be updated as
needed.

On Aug 21, 7:09 am, Kostya Vasilyev  wrote:
> Right, it does. If the site in question is part of the phone application's
> infrastructure, I personally would find it acceptable.
>
> --
> Kostya Vasilyev --http://kmansoft.wordpress.com
>
> 21.08.2010 16:06 user "DanH" wrote:
>
> That assumes that the web site's cert won't change for the life of the
> app.
>
> On Aug 21, 3:18 am, Kostya Vasilyev wrote:
>
> > Ajay,
>
> > A more cryptographically correct solution would be to install the
> > missing certificate pieces wit...


Re: [android-developers] Re: SSLException: Not trusted server certificate

2010-08-21 Thread Kostya Vasilyev
Right, it does. If the site in question is part of the phone application's
infrastructure, I personally would find it acceptable.

--
Kostya Vasilyev -- http://kmansoft.wordpress.com

21.08.2010 16:06 user "DanH" wrote:

That assumes that the web site's cert won't change for the life of the
app.


On Aug 21, 3:18 am, Kostya Vasilyev  wrote:
>   Ajay,
>

> A more cryptographically correct solution would be to install the
> missing certificate pieces wit...


[android-developers] Re: SSLException: Not trusted server certificate

2010-08-21 Thread DanH
That assumes that the web site's cert won't change for the life of the
app.

On Aug 21, 3:18 am, Kostya Vasilyev  wrote:
>   Ajay,
>
> A more cryptographically correct solution would be to install the
> missing certificate pieces within your application, rather than
> accepting all certificates.
>
> That could be either the web site certificate itself, or Entrust's CA
> certificate.
>
> -- Kostya
>
> 21.08.2010 6:30, ajay davanam wrote:
>
>
>
> > Hi,
> >    You've hit the bulls-eye!! I think the certificate is issued by
> > Entrust Inc. and all the Android devices I have do not seem to have it
> > installed. I guess I need to work on that hack which would accept all
> > certificates. Thanks Kostya!! I will try it out in the next week and
> > post again.
>
> > Thank you,
> > AJ
>
> > On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev wrote:
>
> >      Ajay,
>
> >     You being able to open the site in desktop browser and on a
> >     Blackberry seems to imply that the certificate is valid (not
> >     corrupted) and is not self-signed.
>
> >     Perhaps the certificate was issued by an authority whose
> >     certificate is not installed in Android?
>
> >     Take a look here:
>
> >    http://groups.google.com/group/android-developers/browse_thread/threa...
>
> >     This is a hack to accept all certificates.
>
> >     -- Kostya
>
> >     20.08.2010 16:07, Ajay wrote:
>
> >         Thank you Kostya,
>
> >         I tried accessing the same site on the desktop browser and a
> >         BlackBerry device, and they seem to work fine without a problem. I
> >         verified that the certificate on the server is installed properly
> >         using the following site: http://www.digicert.com/help and it told
> >         that it was installed properly on the server.
>
> >         On Aug 20, 4:39 pm, Kostya Vasilyev wrote:
>
> >               Ajay,
>
> >             This can happen because the certificate is not signed by a
> >             trusted
> >             certificate authority (e.g. self-signed), or because the
> >             certificate is
> >             just plain wrong.
>
> >             Try accessing the URL with a desktop browser to find out
> >             what the actual
> >             reason is.
>
> >             If the certificate is good, but is self-signed, search
> >             list archives for
> >             the solution - this comes up quite often.
>
> >             -- Kostya
>
> >             20.08.2010 15:00, Ajay wrote:
>
> >                 Hi,
> >                     I am receiving this exception, when I try to
> >                 access a secure site
> >                 in my App. I am using DefaultHttpClient &
> >                 BasicHttpParams classes for
> >                 Http communication. Any idea what could be the problem
> >                 here?
> >                 Thank you,
> >                 AJ
> >
> >                 javax.net.ssl.SSLException: Not trusted server certificate
> >                      at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
> >                      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
> >                      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
> >                      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
> >                      at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
> >                      at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
> >                      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
> >                      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
> >                      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
> >                      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
> >                      at java.lang.Thread.run(Thread.java:1096)
> >                 Caused by: java.security.cert.CertificateException:
> >                 jav

Re: [android-developers] Re: SSLException: Not trusted server certificate

2010-08-21 Thread Kostya Vasilyev

 Ajay,

A more cryptographically correct solution would be to install the 
missing certificate pieces within your application, rather than
accepting all certificates.


That could be either the web site certificate itself, or Entrust's CA 
certificate.


-- Kostya

21.08.2010 6:30, ajay davanam wrote:

Hi,
   You've hit the bulls-eye!! I think the certificate is issued by 
Entrust Inc. and all the Android devices I have do not seem to have it 
installed. I guess I need to work on that hack which would accept all 
certificates. Thanks Kostya!! I will try it out in the next week and 
post again.


Thank you,
AJ

On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev wrote:


 Ajay,

You being able to open the site in desktop browser and on a
Blackberry seems to imply that the certificate is valid (not
corrupted) and is not self-signed.

Perhaps the certificate was issued by an authority whose
certificate is not installed in Android?

Take a look here:


http://groups.google.com/group/android-developers/browse_thread/thread/1afdf215aa539ca9/56970e750066e93d

This is a hack to accept all certificates.

-- Kostya

20.08.2010 16:07, Ajay wrote:

Thank you Kostya,

I tried accessing the same site on the desktop browser and a
BlackBerry device, and they seem to work fine without a problem. I
verified that the certificate on the server is installed properly
using the following site: http://www.digicert.com/help and it told
that it was installed properly on the server.

On Aug 20, 4:39 pm, Kostya Vasilyev <kmans...@gmail.com> wrote:

  Ajay,

This can happen because the certificate is not signed by a trusted
certificate authority (e.g. self-signed), or because the certificate is
just plain wrong.

Try accessing the URL with a desktop browser to find out what the actual
reason is.

If the certificate is good, but is self-signed, search list archives for
the solution - this comes up quite often.

-- Kostya

20.08.2010 15:00, Ajay wrote:

Hi,
I am receiving this exception, when I try to access a secure site
in my App. I am using DefaultHttpClient & BasicHttpParams classes for
Http communication. Any idea what could be the problem here?
Thank you,
AJ

javax.net.ssl.SSLException: Not trusted server certificate
 at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
 at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
 at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
 at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
 at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
 at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
 at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
 at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
 at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
 ... 11 more
Caused by:
java.
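
Kostya's suggestion in the message above (ship the missing certificate inside the app instead of accepting all certificates), as an added example that is not code from this thread. The class and method names are hypothetical, and it assumes the issuing CA's certificate is bundled with the app as a PEM or DER file. Anchoring trust on the CA certificate rather than the site's own certificate also covers DanH's point: a renewed site certificate still validates as long as it chains to the same CA.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trust only the CA certificate(s) shipped with the app. */
public final class BundledCaTrust {
    private BundledCaTrust() {}

    /**
     * Builds a socket factory whose trust anchors are exactly the X.509
     * certificates read from caStream (PEM or DER). On Android the stream
     * would typically come from a raw resource or asset (assumption).
     */
    public static SSLSocketFactory socketFactoryFor(InputStream caStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Start from an empty in-memory key store so nothing else is trusted.
        KeyStore trusted = KeyStore.getInstance(KeyStore.getDefaultType());
        trusted.load(null, null);

        int count = 0;
        for (Certificate ca : cf.generateCertificates(caStream)) {
            trusted.setCertificateEntry("bundled-ca-" + count++, ca);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificates found in stream");
        }

        // The platform's own chain validation runs against these anchors:
        // signatures and validity dates are still checked.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Opens a connection that uses the bundled trust anchors. */
    public static HttpsURLConnection open(URL url, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Set per connection, so other HTTPS traffic in the process is unaffected.
        conn.setSSLSocketFactory(factory);
        // The default HostnameVerifier is left in place on purpose.
        return conn;
    }
}
```

Unlike the accept-all hack, a server presenting a certificate from any other issuer still fails the handshake with an SSLException.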

Re: [android-developers] Re: SSLException: Not trusted server certificate

2010-08-20 Thread ajay davanam
Hi,
   You've hit the bulls-eye!! I think the certificate is issued by Entrust
Inc. and all the Android devices I have do not seem to have it installed. I
guess I need to work on that hack which would accept all certificates.
Thanks Kostya!! I will try it out in the next week and post again.

Thank you,
AJ

On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev  wrote:

>  Ajay,
>
> You being able to open the site in desktop browser and on a Blackberry
> seems to imply that the certificate is valid (not corrupted) and is not
> self-signed.
>
> Perhaps the certificate was issued by an authority whose certificate is not
> installed in Android?
>
> Take a look here:
>
>
> http://groups.google.com/group/android-developers/browse_thread/thread/1afdf215aa539ca9/56970e750066e93d
>
> This is a hack to accept all certificates.
>
> -- Kostya
>
> 20.08.2010 16:07, Ajay wrote:
>
>  Thank you Kostya,
>>
>> I tried accessing the same site on the desktop browser and a
>> BlackBerry device, and they seem to work fine without a problem. I
>> verified that the certificate on the server is installed properly
>> using the following site: http://www.digicert.com/help and it told
>> that it was installed properly on the server.
>>
>> On Aug 20, 4:39 pm, Kostya Vasilyev  wrote:
>>
>>>   Ajay,
>>>
>>> This can happen because the certificate is not signed by a trusted
>>> certificate authority (e.g. self-signed), or because the certificate is
>>> just plain wrong.
>>>
>>> Try accessing the URL with a desktop browser to find out what the actual
>>> reason is.
>>>
>>> If the certificate is good, but is self-signed, search list archives for
>>> the solution - this comes up quite often.
>>>
>>> -- Kostya
>>>
>>> 20.08.2010 15:00, Ajay wrote:
>>>
>>>  Hi,
 I am receiving this exception, when I try to access a secure site
 in my App. I am using DefaultHttpClient & BasicHttpParams classes for
 Http communication. Any idea what could be the problem here?
 Thank you,
 AJ

 javax.net.ssl.SSLException: Not trusted server certificate
  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
  at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
  at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
  at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
  at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
  at java.lang.Thread.run(Thread.java:1096)
 Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
  at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
  ... 11 more
 Caused by: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
  at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)
  at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
  at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
  ... 12 more
 Caused by: java.security.SignatureException: Signature was not verified.
  at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)
  at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:544)
  at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:337)
  ... 14 more

>>> --
>>> Kostya Vasilev -- WiFi Manager + pretty widget --
>>> http://kmansoft.wordpress.com
>>>
>>
>
> --
> Kostya Vasilev -- WiFi Manager + pretty wi

Re: [android-developers] Re: SSLException: Not trusted server certificate

2010-08-20 Thread Kostya Vasilyev

 Ajay,

You being able to open the site in desktop browser and on a Blackberry 
seems to imply that the certificate is valid (not corrupted) and is not 
self-signed.


Perhaps the certificate was issued by an authority whose certificate is 
not installed in Android?


Take a look here:

http://groups.google.com/group/android-developers/browse_thread/thread/1afdf215aa539ca9/56970e750066e93d

This is a hack to accept all certificates.

-- Kostya

20.08.2010 16:07, Ajay wrote:

Thank you Kostya,

I tried accessing the same site on the desktop browser and a
BlackBerry device, and they seem to work fine without a problem. I
verified that the certificate on the server is installed properly
using the following site: http://www.digicert.com/help and it told
that it was installed properly on the server.

On Aug 20, 4:39 pm, Kostya Vasilyev  wrote:

   Ajay,

This can happen because the certificate is not signed by a trusted
certificate authority (e.g. self-signed), or because the certificate is
just plain wrong.

Try accessing the URL with a desktop browser to find out what the actual
reason is.

If the certificate is good, but is self-signed, search list archives for
the solution - this comes up quite often.

-- Kostya

20.08.2010 15:00, Ajay wrote:

Hi,
 I am receiving this exception, when I try to access a secure site
in my App. I am using DefaultHttpClient & BasicHttpParams classes for
Http communication. Any idea what could be the problem here?
Thank you,
AJ

javax.net.ssl.SSLException: Not trusted server certificate
  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
  at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
  at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
  at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
  at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
  at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
  at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
  at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
  ... 11 more
Caused by: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
  at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)
  at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
  at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
  ... 12 more
Caused by: java.security.SignatureException: Signature was not verified.
  at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)
  at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:544)
  at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:337)
  ... 14 more

--
Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com



--
Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com



[android-developers] Re: SSLException: Not trusted server certificate

2010-08-20 Thread Ajay
Thank you Kostya,

I tried accessing the same site on the desktop browser and a
BlackBerry device, and they seem to work fine without a problem. I
verified that the certificate on the server is installed properly
using the following site: http://www.digicert.com/help and it told
that it was installed properly on the server.

On Aug 20, 4:39 pm, Kostya Vasilyev  wrote:
>   Ajay,
>
> This can happen because the certificate is not signed by a trusted
> certificate authority (e.g. self-signed), or because the certificate is
> just plain wrong.
>
> Try accessing the URL with a desktop browser to find out what the actual
> reason is.
>
> If the certificate is good, but is self-signed, search list archives for
> the solution - this comes up quite often.
>
> -- Kostya
>
> 20.08.2010 15:00, Ajay wrote:
>
> > Hi,
> >     I am receiving this exception, when I try to access a secure site
> > in my App. I am using DefaultHttpClient & BasicHttpParams classes for
> > Http communication. Any idea what could be the problem here?
>
> > Thank you,
> > AJ
>
> > javax.net.ssl.SSLException: Not trusted server certificate
> >      at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
> >      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
> >      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
> >      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
> >      at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
> >      at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
> >      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
> >      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
> >      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
> >      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
> >      at java.lang.Thread.run(Thread.java:1096)
> > Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
> >      at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
> >      at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
> >      ... 11 more
> > Caused by: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
> >      at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)
> >      at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
> >      at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
> >      ... 12 more
> > Caused by: java.security.SignatureException: Signature was not verified.
> >      at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)
> >      at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:544)
> >      at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:337)
> >      ... 14 more
>
> --
> Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com
