Hi all, I have written an Android web service client using the Restlet framework for Android (2.0.15), and I've also written the web service backend as well (again with Restlet 2.0.15 JEE) which has been uploaded on AWS Elastic Beanstalk (so the client calls would be in the form of "http://my_web_service.elasticbeanstalk.com/this/is/my/request"). Everything works fine on HTTP, so now I'd like to replace it with HTTPS, but this has proven more difficult that I initially thought.
I have created a trial SSL certificate from Comodo, where I have declared, as a CNAME, a domain that I own (unfortunately, I cannot declare the elasticbeanstalk.com subdomain, where the AWS load balancer is running, as a certificate hostname). This certificate has been uploaded to my AWS instance, and it seems to be running succsefully (tested via web browser, a couple of https calls get through succesfully after I accept the certificate on the browser). The only thing that I don't like about this certificate is the fact that I get a warning that this may be an invalid certificate, since the declared hostname (my domain) and the actual hostname that the certificate is running (elasticbeanstalk.com) do not match. In my client I'm using the apache http client (have loaded the org.apache.httpclient.jar on claspath), and this is how I create the client resource I use on every call, which is plain and simple: /ClientResource resource = new ClientResource(resourceUri); Engine.getInstance().getRegisteredClients().clear(); Engine.getInstance().getRegisteredClients().add(new HttpClientHelper(null));/ Of course, /resourceUri/ is in the form of "https://my_web_service.elasticbeanstalk.com/this/is/my/request", and this is the only difference between the working HTTP case and the non-working HTTPS case. With HTTPS, I get the error below: A recoverable error was detected (1001), attempting again in 2000 ms. I've tried several suggestions that I found on google (using org.restlet.ext.net httpclient instead of apache or even loading the org.restlet.ext.ssl jar from Restlet Android 2.1), but nothing has worked so far. I've even captured a network trace with Wireshark, and here's the callflow: ssl_call_flow.txt <http://restlet-discuss.1400322.n2.nabble.com/file/n7578771/ssl_call_flow.txt> >From the callflow above, it seems that client and server fail to complete a succesful negotiation, but I have no idea why. Any suggestions on how to resolve this problem are welcome. I believe that the issue exists on the client side (Android app using Restlet 2.0.15 framework), but not on the app code itself (since everything works fine when using HTTP) but rather on the SSL negotiation/handshake before actually making any calls. I also believe that the Certificate Authority (Comodo) is successfully accepted/trusted by Android (I've done https calls through the android device browser), but it still gives you a certificate warning that you need to accept before continuing. Could it be that Restlet 2.0.15 is not handling smoothly SSL communication, and I would need to upgrade to 2.1 or later? Looking forward to hearing your suggestions. In case you'd like to get some more info that could help, just ask me. :) Thanks in advance, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771.html Sent from the Restlet Discuss mailing list archive at Nabble.com. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3054809