when I made the certificate in openssl I did not call X509_sign() to sign it...for my use case it didn't need to be signed so I hadn't bothered.
I changed my code so that I signed the certificate with its private key and then added the signed certificate to the STACK_OF(X509) certificate authority cert chain used to created the pkcs12 certificate with pkcs12_create(). I believe I didn't have to pass the SSLSocketFactory a truststore because that information was included in the pkcs12 certificate via the CA cert chain. On Jan 9, 10:20 pm, Nikolay Elenkov <[email protected]> wrote: > On Tue, Jan 10, 2012 at 3:12 PM, Carl Minden <[email protected]> wrote: > > > On Jan 8, 9:04 pm, Nikolay Elenkov <[email protected]> wrote: > >> Are you using a self-signed certificate for the server? If you are, you > >> need to either add it to the system trust store, or pass your custom > >> trust store to SSLSocketFactory. > > > I was actually using an unsigned certificate which turned out to be > > the problem... > > What do you mean by an 'unsigned certificate'? -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
