I'm trying to make an SSL connection to a host that is not using one
of the "standard" CAs.  I'm attempting to do this in the ordinary way:
you create an SSLContext, and then you call

sslContext.init(clientKeyManagers, trustManagers, secureRandom);

Very simple stuff.

I've confirmed that trustManagers is correct and contains the
certificate for the CA and also (just for good measure) the
certificate of the host I'm connecting to.  In other words, I'm
saying, "Joe's certificate is trusted" by putting it in the trust
manager, and yet... I'm getting:

Caused by: java.security.cert.CertificateException:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
W/SocketTest( 1010):    at
W/SocketTest( 1010):    at

Is this a bug in Android?  I looked at the code and there a lot of
sections that are labeled "android-changed" where the validation is
taking place.

Is there some trick to this, or am I doing something wrong, or should
I go through and trace through the whole tangle of SSL code to find
out what I can do to make it work?

In some searches I have seen that other people have encountered the
same issue, but haven't seen any resolution of it.

What's the scoop?  Can I get SSLContext to accept a KeyStore of
certificates to use as trusted certs?


You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
For more options, visit this group at

Reply via email to