javax.net.ssl.SSLHandshakeException?












2














I'm trying to connect to a WCF server using HTTPS connection (UrlHttpsConnection class) and always get the error "Trust anchor for certification path not found".
I found thousands examples on the Web about that issue but nothing that really helps me.



My WCF service works with a certificate signed by an internal CA that has been added to the list of trusted CAs on my smartphone. If I call the url https://myserver/myservice/test from Chrome on my smartphone, I no longer have warning, the certificate is considered as valid. From my app, I keep getting the error message.



Do you know why my app does not consider the server certificate as valid while Chrome does ? How can I fix that ?



For security reasons, I don't want ignore the SSL verification.



Thank you in advance for your suggestions.










share|improve this question
























  • because when call api that time pass ssl certificate.
    – Android Team
    Nov 21 at 10:22
















2














I'm trying to connect to a WCF server using HTTPS connection (UrlHttpsConnection class) and always get the error "Trust anchor for certification path not found".
I found thousands examples on the Web about that issue but nothing that really helps me.



My WCF service works with a certificate signed by an internal CA that has been added to the list of trusted CAs on my smartphone. If I call the url https://myserver/myservice/test from Chrome on my smartphone, I no longer have warning, the certificate is considered as valid. From my app, I keep getting the error message.



Do you know why my app does not consider the server certificate as valid while Chrome does ? How can I fix that ?



For security reasons, I don't want ignore the SSL verification.



Thank you in advance for your suggestions.










share|improve this question
























  • because when call api that time pass ssl certificate.
    – Android Team
    Nov 21 at 10:22














2












2








2







I'm trying to connect to a WCF server using HTTPS connection (UrlHttpsConnection class) and always get the error "Trust anchor for certification path not found".
I found thousands examples on the Web about that issue but nothing that really helps me.



My WCF service works with a certificate signed by an internal CA that has been added to the list of trusted CAs on my smartphone. If I call the url https://myserver/myservice/test from Chrome on my smartphone, I no longer have warning, the certificate is considered as valid. From my app, I keep getting the error message.



Do you know why my app does not consider the server certificate as valid while Chrome does ? How can I fix that ?



For security reasons, I don't want ignore the SSL verification.



Thank you in advance for your suggestions.










share|improve this question















I'm trying to connect to a WCF server using HTTPS connection (UrlHttpsConnection class) and always get the error "Trust anchor for certification path not found".
I found thousands examples on the Web about that issue but nothing that really helps me.



My WCF service works with a certificate signed by an internal CA that has been added to the list of trusted CAs on my smartphone. If I call the url https://myserver/myservice/test from Chrome on my smartphone, I no longer have warning, the certificate is considered as valid. From my app, I keep getting the error message.



Do you know why my app does not consider the server certificate as valid while Chrome does ? How can I fix that ?



For security reasons, I don't want ignore the SSL verification.



Thank you in advance for your suggestions.







java android ssl ca






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 21 at 10:46









Fantômas

32.3k156288




32.3k156288










asked Nov 21 at 10:21









n_stack

161




161












  • because when call api that time pass ssl certificate.
    – Android Team
    Nov 21 at 10:22


















  • because when call api that time pass ssl certificate.
    – Android Team
    Nov 21 at 10:22
















because when call api that time pass ssl certificate.
– Android Team
Nov 21 at 10:22




because when call api that time pass ssl certificate.
– Android Team
Nov 21 at 10:22












1 Answer
1






active

oldest

votes


















0














Try this way but i used retrofit for api calling..



  public class ApiClient {
//public final static String BASE_URL = "https://prod.appowiz.com/app/services/";
public final static String BASE_URL_SECURE = "Pass your url";

public static ApiClient apiClient;

private Retrofit retrofit = null;
private static Retrofit storeRetrofit = null;

public Retrofit getClient(Context context) {
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();

retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();


return retrofit;
}
public static Retrofit getStore() {
if (storeRetrofit == null) {
final TrustManager trustAllCerts = new TrustManager{new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public void checkServerTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public java.security.cert.X509Certificate getAcceptedIssuers() {

return new java.security.cert.X509Certificate[0];
}
}};

// Install the all-trusting trust manager
final SSLContext sslContext;
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
final OkHttpClient okHttpClient = new OkHttpClient.Builder()
.addInterceptor(interceptor)
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
.sslSocketFactory(sslSocketFactory).hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.build();
storeRetrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();


} catch (NoSuchAlgorithmException | KeyManagementException e1) {
CustomLogHandler.printErrorlog(e1);
}

}

return storeRetrofit;
}


for api calling create interface..



public interface ApiInterface {

@POST("device/add_device_name")
Call<AddDeviceNameVo> addDeviceName(@Body JsonObject body);

}


called api into activity or fragment like this way..



        apiInterface = ApiClient.getStore().create(ApiInterface.class);





share|improve this answer





















  • more information refer this link square.github.io/retrofit
    – Android Team
    Nov 21 at 10:28











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53409889%2fjavax-net-ssl-sslhandshakeexception%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Try this way but i used retrofit for api calling..



  public class ApiClient {
//public final static String BASE_URL = "https://prod.appowiz.com/app/services/";
public final static String BASE_URL_SECURE = "Pass your url";

public static ApiClient apiClient;

private Retrofit retrofit = null;
private static Retrofit storeRetrofit = null;

public Retrofit getClient(Context context) {
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();

retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();


return retrofit;
}
public static Retrofit getStore() {
if (storeRetrofit == null) {
final TrustManager trustAllCerts = new TrustManager{new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public void checkServerTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public java.security.cert.X509Certificate getAcceptedIssuers() {

return new java.security.cert.X509Certificate[0];
}
}};

// Install the all-trusting trust manager
final SSLContext sslContext;
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
final OkHttpClient okHttpClient = new OkHttpClient.Builder()
.addInterceptor(interceptor)
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
.sslSocketFactory(sslSocketFactory).hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.build();
storeRetrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();


} catch (NoSuchAlgorithmException | KeyManagementException e1) {
CustomLogHandler.printErrorlog(e1);
}

}

return storeRetrofit;
}


for api calling create interface..



public interface ApiInterface {

@POST("device/add_device_name")
Call<AddDeviceNameVo> addDeviceName(@Body JsonObject body);

}


called api into activity or fragment like this way..



        apiInterface = ApiClient.getStore().create(ApiInterface.class);





share|improve this answer





















  • more information refer this link square.github.io/retrofit
    – Android Team
    Nov 21 at 10:28
















0














Try this way but i used retrofit for api calling..



  public class ApiClient {
//public final static String BASE_URL = "https://prod.appowiz.com/app/services/";
public final static String BASE_URL_SECURE = "Pass your url";

public static ApiClient apiClient;

private Retrofit retrofit = null;
private static Retrofit storeRetrofit = null;

public Retrofit getClient(Context context) {
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();

retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();


return retrofit;
}
public static Retrofit getStore() {
if (storeRetrofit == null) {
final TrustManager trustAllCerts = new TrustManager{new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public void checkServerTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public java.security.cert.X509Certificate getAcceptedIssuers() {

return new java.security.cert.X509Certificate[0];
}
}};

// Install the all-trusting trust manager
final SSLContext sslContext;
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
final OkHttpClient okHttpClient = new OkHttpClient.Builder()
.addInterceptor(interceptor)
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
.sslSocketFactory(sslSocketFactory).hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.build();
storeRetrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();


} catch (NoSuchAlgorithmException | KeyManagementException e1) {
CustomLogHandler.printErrorlog(e1);
}

}

return storeRetrofit;
}


for api calling create interface..



public interface ApiInterface {

@POST("device/add_device_name")
Call<AddDeviceNameVo> addDeviceName(@Body JsonObject body);

}


called api into activity or fragment like this way..



        apiInterface = ApiClient.getStore().create(ApiInterface.class);





share|improve this answer





















  • more information refer this link square.github.io/retrofit
    – Android Team
    Nov 21 at 10:28














0












0








0






Try this way but i used retrofit for api calling..



  public class ApiClient {
//public final static String BASE_URL = "https://prod.appowiz.com/app/services/";
public final static String BASE_URL_SECURE = "Pass your url";

public static ApiClient apiClient;

private Retrofit retrofit = null;
private static Retrofit storeRetrofit = null;

public Retrofit getClient(Context context) {
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();

retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();


return retrofit;
}
public static Retrofit getStore() {
if (storeRetrofit == null) {
final TrustManager trustAllCerts = new TrustManager{new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public void checkServerTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public java.security.cert.X509Certificate getAcceptedIssuers() {

return new java.security.cert.X509Certificate[0];
}
}};

// Install the all-trusting trust manager
final SSLContext sslContext;
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
final OkHttpClient okHttpClient = new OkHttpClient.Builder()
.addInterceptor(interceptor)
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
.sslSocketFactory(sslSocketFactory).hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.build();
storeRetrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();


} catch (NoSuchAlgorithmException | KeyManagementException e1) {
CustomLogHandler.printErrorlog(e1);
}

}

return storeRetrofit;
}


for api calling create interface..



public interface ApiInterface {

@POST("device/add_device_name")
Call<AddDeviceNameVo> addDeviceName(@Body JsonObject body);

}


called api into activity or fragment like this way..



        apiInterface = ApiClient.getStore().create(ApiInterface.class);





share|improve this answer












Try this way but i used retrofit for api calling..



  public class ApiClient {
//public final static String BASE_URL = "https://prod.appowiz.com/app/services/";
public final static String BASE_URL_SECURE = "Pass your url";

public static ApiClient apiClient;

private Retrofit retrofit = null;
private static Retrofit storeRetrofit = null;

public Retrofit getClient(Context context) {
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();

retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();


return retrofit;
}
public static Retrofit getStore() {
if (storeRetrofit == null) {
final TrustManager trustAllCerts = new TrustManager{new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public void checkServerTrusted(java.security.cert.X509Certificate chain, String authType) {

}


@Override
public java.security.cert.X509Certificate getAcceptedIssuers() {

return new java.security.cert.X509Certificate[0];
}
}};

// Install the all-trusting trust manager
final SSLContext sslContext;
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
final OkHttpClient okHttpClient = new OkHttpClient.Builder()
.addInterceptor(interceptor)
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
.sslSocketFactory(sslSocketFactory).hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.build();
storeRetrofit = new Retrofit.Builder()
.baseUrl(BASE_URL_SECURE)
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();


} catch (NoSuchAlgorithmException | KeyManagementException e1) {
CustomLogHandler.printErrorlog(e1);
}

}

return storeRetrofit;
}


for api calling create interface..



public interface ApiInterface {

@POST("device/add_device_name")
Call<AddDeviceNameVo> addDeviceName(@Body JsonObject body);

}


called api into activity or fragment like this way..



        apiInterface = ApiClient.getStore().create(ApiInterface.class);






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 21 at 10:27









Android Team

7,47411033




7,47411033












  • more information refer this link square.github.io/retrofit
    – Android Team
    Nov 21 at 10:28


















  • more information refer this link square.github.io/retrofit
    – Android Team
    Nov 21 at 10:28
















more information refer this link square.github.io/retrofit
– Android Team
Nov 21 at 10:28




more information refer this link square.github.io/retrofit
– Android Team
Nov 21 at 10:28


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53409889%2fjavax-net-ssl-sslhandshakeexception%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python