Ajay,
A more cryptographically correct solution would be to install the
missing сertfiicate pieces within your application, rather than
accepting all certificates.
That could be either the web site certificate itself, or Entrust's CA
certificate.
-- Kostya
21.08.2010 6:30, ajay davanam пишет:
Hi,
You've hit the bulls-eye!! I think the certificate is issued by
Entrust Inc. and all the Android devices I have do not seem to have it
installed. I guess I need to work on that hack which would accept all
certificates. Thanks Kostya!! I will try it out in the next week and
post again.
Thank you,
AJ
On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev <kmans...@gmail.com
<mailto:kmans...@gmail.com>> wrote:
Ajay,
You being able to open the site in desktop browser and on a
Blackberry seems to imply that the certificate is valid (not
corrupted) and is not self-signed.
Perhaps the certificate was issued by an authority whose
certificate is not installed in Android?
Take a look here:
http://groups.google.com/group/android-developers/browse_thread/thread/1afdf215aa539ca9/56970e750066e93d
This is a hack to accept all certificates.
-- Kostya
20.08.2010 16:07, Ajay пишет:
Thank you Kostya,
I tried accessing the same site on the desktop browser and a
BlackBerry device, and they seem to work fine without a problem. I
verified that the certificate on the server is installed properly
using the following site: http://www.digicert.com/help and it told
that it was installed properly on the server.
On Aug 20, 4:39 pm, Kostya Vasilyev<kmans...@gmail.com
<mailto:kmans...@gmail.com>> wrote:
Ajay,
This can happen because the certificate is not signed by a
trusted
certificate authority (e.g. self-signed), or because the
certificate is
just plain wrong.
Try accessing the URL with a desktop browser to find out
what the actual
reason is.
If the certificate is good, but is self-signed, search
list archives for
the solution - this comes up quite often.
-- Kostya
20.08.2010 15:00, Ajay пишет:
Hi,
I am receiving this exception, when I try to
access a secure site
in my App. I am using DefaultHttpClient&
BasicHttpParamsclasses for
Http communication. Any idea what could be the problem
here?
Thank you,
AJ
----------------------------------------------------------------------------------------------------------------------------------------------------
javax.net.ssl.SSLException: Not trusted server certificate
at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
360)
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:
92)
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:
321)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
129)
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
164)
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
119)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
348)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
555)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
487)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
465)
at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException:
java.security.cert.CertPathValidatorException: Could
not validate
certificate signature.
at
org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:
168)
at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
355)
... 11 more
Caused by:
java.security.cert.CertPathValidatorException: Could not
validate certificate signature.
at
org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:
342)
at
java.security.cert.CertPathValidator.validate(CertPathValidator.java:
211)
at
org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:
164)
... 12 more
Caused by: java.security.SignatureException: Signature
was not
verified.
at
org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:
601)
at
org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:
544)
at
org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:
337)
... 14 more
--
Kostya Vasilev -- WiFi Manager + pretty widget
--http://kmansoft.wordpress.com
--
Kostya Vasilev -- WiFi Manager + pretty widget --
http://kmansoft.wordpress.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to
android-developers@googlegroups.com
<mailto:android-developers@googlegroups.com>
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
<mailto:android-developers%2bunsubscr...@googlegroups.com>
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
