Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
901 views
in Technique[技术] by (71.8m points)

ssl - How to trust self signed certificate on Android?

I have generated self signed certificate for my server. Then added it to Android with Settings -> Security -> Install.

When I'm trying to connect to my server from the application I'm getting error:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

As I understand after I've added certificate to list of trusted ones it should work fine. Am I missing something? The idea is to add certificate through Android system without modifying application code.

Btw I'm using OkHttpClient for network connection. Maybe I should enable something for https connection?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

It is important to Android that when you generate your self-signed certificate, you mark it as a Certifying Agency in order to empower it to certify certificates -- even if only to sign itself and so certify that it is itself.

This is done in the basicConstraints extension, declaring CA:TRUE instead of the default CA:FALSE. When you import a certificate so marked, Android will consider it a user-installed root certificate, and you should be able to see it under Credential storage > Trusted credentials > USER.

However, a certificate having this bit is a mighty power, and such certificates have been used by nefarious tools to spy on supposedly encrypted user communication in the past. Accordingly, these days, Google Play Protect will want to have a word with the user when this kind of CA certificate is in force.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...