That assumes that the web site's cert won't change for the life of the app.
On Aug 21, 3:18 am, Kostya Vasilyev <kmans...@gmail.com> wrote: > Ajay, > > A more cryptographically correct solution would be to install the > missing сertfiicate pieces within your application, rather than > accepting all certificates. > > That could be either the web site certificate itself, or Entrust's CA > certificate. > > -- Kostya > > 21.08.2010 6:30, ajay davanam пишет: > > > > > Hi, > > You've hit the bulls-eye!! I think the certificate is issued by > > Entrust Inc. and all the Android devices I have do not seem to have it > > installed. I guess I need to work on that hack which would accept all > > certificates. Thanks Kostya!! I will try it out in the next week and > > post again. > > > Thank you, > > AJ > > > On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev <kmans...@gmail.com > > <mailto:kmans...@gmail.com>> wrote: > > > Ajay, > > > You being able to open the site in desktop browser and on a > > Blackberry seems to imply that the certificate is valid (not > > corrupted) and is not self-signed. > > > Perhaps the certificate was issued by an authority whose > > certificate is not installed in Android? > > > Take a look here: > > > http://groups.google.com/group/android-developers/browse_thread/threa... > > > This is a hack to accept all certificates. > > > -- Kostya > > > 20.08.2010 16:07, Ajay пишет: > > > Thank you Kostya, > > > I tried accessing the same site on the desktop browser and a > > BlackBerry device, and they seem to work fine without a problem. I > > verified that the certificate on the server is installed properly > > using the following site:http://www.digicert.com/helpand it told > > that it was installed properly on the server. > > > On Aug 20, 4:39 pm, Kostya Vasilyev<kmans...@gmail.com > > <mailto:kmans...@gmail.com>> wrote: > > > Ajay, > > > This can happen because the certificate is not signed by a > > trusted > > certificate authority (e.g. self-signed), or because the > > certificate is > > just plain wrong. > > > Try accessing the URL with a desktop browser to find out > > what the actual > > reason is. > > > If the certificate is good, but is self-signed, search > > list archives for > > the solution - this comes up quite often. > > > -- Kostya > > > 20.08.2010 15:00, Ajay пишет: > > > Hi, > > I am receiving this exception, when I try to > > access a secure site > > in my App. I am using DefaultHttpClient& > > BasicHttpParamsclasses for > > Http communication. Any idea what could be the problem > > here? > > Thank you, > > AJ > > > > ---------------------------------------------------------------------------------------------------------------------------------------------------- > > javax.net.ssl.SSLException: Not trusted server certificate > > at > > > > org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: > > 360) > > at > > > > org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java: > > 92) > > at > > > > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java: > > 321) > > at > > > > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java: > > 129) > > at > > > > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java: > > 164) > > at > > > > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java: > > 119) > > at > > > > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java: > > 348) > > at > > > > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: > > 555) > > at > > > > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: > > 487) > > at > > > > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: > > 465) > > at java.lang.Thread.run(Thread.java:1096) > > Caused by: java.security.cert.CertificateException: > > java.security.cert.CertPathValidatorException: Could > > not validate > > certificate signature. > > at > > > > org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java: > > 168) > > at > > > > org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: > > 355) > > ... 11 more > > Caused by: > > java.security.cert.CertPathValidatorException: Could not > > validate certificate signature. > > at > > > > org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java: > > 342) > > at > > > > java.security.cert.CertPathValidator.validate(CertPathValidator.java: > > 211) > > at > > > > org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java: > > 164) > > ... 12 more > > Caused by: java.security.SignatureException: Signature > > was not > > verified. > > at > > > > org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java: > > 601) > > at > > > > org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java: > > 544) > > at > > > > org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java: > > 337) > > ... 14 more > > > -- > > Kostya Vasilev -- WiFi Manager + pretty widget > > --http://kmansoft.wordpress.com > > > -- > > Kostya Vasilev -- WiFi Manager + pretty widget -- > > http://kmansoft.wordpress.com > > > -- > > You received this message because you are subscribed to the Google > > Groups "Android Developers" group. > > To post to this group, send email to > > android-developers@googlegroups.com > > <mailto:android-developers@googlegroups.com> > > To unsubscribe from this group, send email to > > android-developers+unsubscr...@googlegroups.com > > <mailto:android-developers%2bunsubscr...@googlegroups.com> > > For more options, visit this group at > > http://groups.google.com/group/android-developers?hl=en > > > -- > > You received this message because you are subscribed to the Google > > Groups "Android Developers" group. > > To post to this group, send email to android-developers@googlegroups.com > > To unsubscribe from this group, send email to > > android-developers+unsubscr...@googlegroups.com > > For more options, visit this group at > >http://groups.google.com/group/android-developers?hl=en > > -- > Kostya Vasilev -- WiFi Manager + pretty widget --http://kmansoft.wordpress.com -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
