"Not trusted server certificate" means the server's certificate can't be traced back to one of the roots known to the phone. Most phones (for reasons I don't understand) have a deficiency of root certificates, so it's not unusual to find a server that doesn't have a "valid" certificate, from the phone's standpoint.
You have several options: 1) Tell SSL to trust the server anyway. I don't know how you do this precisely, but there's a way to do so when you set up the session, or perhaps you can monitor for the exception and tolerate it somehow. Note that you should generally do some validation of the site -- make sure it's one that you inherently trust -- before you do this. 2) Give your SSL session the necessary root certificates (shipped with your app) for validation. Again, I don't know exactly how to do this on Android, but again you can probably do it during session setup. 3) Install the necessary root certificates on the phone. I think this can be done with the "credential storage" in Android, but I haven't figured it out yet. On Nov 3, 11:00 am, gato <[email protected]> wrote: > yep! you are right DanH , I'm using "TLS" not "TSL". > > Any way the "net.ssl.SSLException: Not Trusted server certificate" > Excepetion stiil there > > thank you for your help. > > On Nov 2, 6:48 pm, DanH <[email protected]> wrote: > > > Was just wondering because you were doing a getInstance on "TSL", not > > "TLS". > > > On Nov 1, 2:04 pm, gato chlr <[email protected]> wrote: > > > > DanH , thanks for the answer, i have read about TLS, and now i know it is > > > a > > > SSLv3. > > > > I have tried with TLS , and it works! but, then i get a > > > javax.net.ssl.SSLException: Not Trusted server certificate. So it seems > > > that > > > my know my dummy trustManager is not working :S. the exception occurs in > > > the > > > instruction : > > > > HttpResponse response = httpclient.execute(targetHost, httpget, > > > localcontext); > > > > I have changed the value "SSL" to "TLS" in my desktop (not for android) > > > and > > > it work fine. But in my android application (this one) it throws that > > > exception. > > > > Maybe my trustManager does not works in Android, if anybody has a code or > > > solution to fix this problem i will really appreciate > > > > thank for the answers > > > > On 1 November 2010 14:37, DanH <[email protected]> wrote: > > > > > Have you tried "TLS"? > > > > > On Nov 1, 9:29 am, gato chlr <[email protected]> wrote: > > > > > Hi list, > > > > > > i want to implement a client for https, all in my localhost (in my > > > > apache, > > > > > it is configured to ask authentication), with a resource " > > > >https://localhost:443/resources/resource1.xml"; > > > > > the server works fine. > > > > > > I have a client for desktop, and it works fine, the resources are > > > > consumed > > > > > using httpcomponents-client-4.0.3), i have readed that Android uses > > > > > that > > > > > version. > > > > > > This is the code of my client in Android (practically is the same of > > > > desktop > > > > > mapped to android) , > > > > > > in the line of SSLContext sc = SSLContext.getInstance("TSL"); the > > > > > next > > > > > exception is thrown : > > > > > > java.security.NosuchAlgorithmException: SSLContext SSL implementation > > > > > not > > > > > found > > > > > > Please does anybody know how to solve this issue? > > > > > > i have tried with TSL and the exception continue. > > > > > > import java.io.IOException; > > > > > > import javax.net.ssl.HttpsURLConnection; > > > > > import javax.net.ssl.SSLContext; > > > > > import javax.net.ssl.TrustManager; > > > > > import javax.net.ssl.X509TrustManager; > > > > > > import org.apache.http.HttpEntity; > > > > > import org.apache.http.HttpException; > > > > > import org.apache.http.HttpHost; > > > > > import org.apache.http.HttpRequest; > > > > > import org.apache.http.HttpRequestInterceptor; > > > > > import org.apache.http.HttpResponse; > > > > > import org.apache.http.auth.AuthScheme; > > > > > import org.apache.http.auth.AuthScope; > > > > > import org.apache.http.auth.AuthState; > > > > > import org.apache.http.auth.Credentials; > > > > > import org.apache.http.auth.UsernamePasswordCredentials; > > > > > import org.apache.http.client.CredentialsProvider; > > > > > import org.apache.http.client.methods.HttpGet; > > > > > import org.apache.http.client.protocol.ClientContext; > > > > > import org.apache.http.impl.auth.BasicScheme; > > > > > import org.apache.http.impl.client.DefaultHttpClient; > > > > > import org.apache.http.protocol.BasicHttpContext; > > > > > import org.apache.http.protocol.ExecutionContext; > > > > > import org.apache.http.protocol.HttpContext; > > > > > import org.apache.http.util.EntityUtils; > > > > > > import android.app.Activity; > > > > > import android.os.Bundle; > > > > > import android.widget.TextView; > > > > > > public class androidNativeRest extends Activity { > > > > > > /** Called when the activity is first created. */ > > > > > public void onCreate(Bundle savedInstanceState) { > > > > > > super.onCreate(savedInstanceState); > > > > > > TextView tv = new TextView(this); > > > > > > String res="nada"; > > > > > > DefaultHttpClient httpclient = new DefaultHttpClient(); > > > > > > httpclient.getCredentialsProvider().setCredentials( > > > > > new AuthScope("10.0.2.2", 443), > > > > > new UsernamePasswordCredentials("user", "pass")); > > > > > > BasicHttpContext localcontext = new BasicHttpContext(); > > > > > > // Generate BASIC scheme object and stick it to the local > > > > > // execution context > > > > > BasicScheme basicAuth = new BasicScheme(); > > > > > localcontext.setAttribute("preemptive-auth", basicAuth); > > > > > > // Add as the first request interceptor > > > > > httpclient.addRequestInterceptor(new PreemptiveAuth(), 0); > > > > > > HttpHost targetHost = new HttpHost("10.0.2.2", 443, "https"); > > > > > > HttpGet httpget = new HttpGet("/resources/resource1.xml"); > > > > > > res+="executing request: " + httpget.getRequestLine()+"/ln"; > > > > > res+="to target: " + targetHost+"/ln"; > > > > > //----------------------TRUST > > > > > MANAGER--------------------------- > > > > > //Create a trust manager that does not validate certificate > > > > chains > > > > > TrustManager[] trustAllCerts = new TrustManager[]{ > > > > > new X509TrustManager() { > > > > > public java.security.cert.X509Certificate[] > > > > > getAcceptedIssuers() { > > > > > return null; > > > > > } > > > > > public void checkClientTrusted( > > > > > java.security.cert.X509Certificate[] certs, > > > > String > > > > > authType) { > > > > > } > > > > > public void checkServerTrusted( > > > > > java.security.cert.X509Certificate[] certs, > > > > String > > > > > authType) { > > > > > } > > > > > } > > > > > }; > > > > > //install trust manager > > > > > try { > > > > > > SSLContext sc = SSLContext.getInstance("TSL"); > > > > > > sc.init(null, trustAllCerts, new > > > > java.security.SecureRandom()); > > > > > > HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); > > > > > } catch (Exception e) { > > > > > res+="error en trustmanage"+e.toString()+" /ln"; > > > > > } > > > > > //now we can access an https URL without having the > > > > > certificate > > > > in > > > > > the truststore > > > > > //----------------------------FINISH TRUST MANAGER > > > > > INSTALLATION--------- > > > > > > for (int i = 0; i < 3; i++) { > > > > > try{ > > > > > HttpResponse response = httpclient.execute(targetHost, > > > > > httpget, localcontext); > > > > > HttpEntity entity = response.getEntity(); > > > > > > res+="---------------------------------------- /ln"; > > > > > res+=response.getStatusLine()+"/ln"; > > > > > if (entity != null) { > > > > > res+="Response content length: " + > > > > > entity.getContentLength()+"/ln"; > > > > > res+=EntityUtils.toString(entity)+"/ln"; > > > > > res = EntityUtils.toString(entity); > > > > > entity.consumeContent(); > > > > > > } > > > > > }catch(Exception e1){ > > > > > res+="errores che"; > > > > > } > > > > > > } > > > > > > httpclient.getConnectionManager().shutdown(); > > > > > > tv.setText(res); > > > > > > setContentView(tv); > > > > > > } > > > > > static class PreemptiveAuth implements HttpRequestInterceptor { > > > > > > public void process( > > > > > final HttpRequest request, > > > > > final HttpContext context) throws HttpException, > > > > IOException > > > > > { > > > > > > AuthState authState = (AuthState) context.getAttribute( > > > > > ClientContext.TARGET_AUTH_STATE); > > > > > > // If no auth scheme avaialble yet, try to initialize it > > > > > preemptively > > > > > if (authState.getAuthScheme() == null) { > > > > > AuthScheme authScheme = (AuthScheme) > > > > context.getAttribute( > > > > > "preemptive-auth"); > > > > > CredentialsProvider credsProvider = > > > > > (CredentialsProvider) > > > > > context.getAttribute( > > > > > ClientContext.CREDS_PROVIDER); > > > > > HttpHost targetHost = (HttpHost) context.getAttribute( > > > > > ExecutionContext.HTTP_TARGET_HOST); > > > > > > if (authScheme != null) { > > > > > Credentials creds = credsProvider.getCredentials( > > > > > new AuthScope( > > > > > targetHost.getHostName(), > > > > > targetHost.getPort())); > > > > > if (creds == null) { > > > > > throw new HttpException("No credentials for > > > > > preemptive authentication"); > > > > > } > > > > > authState.setAuthScheme(authScheme); > > > > > > > ... > > read more » -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
