HttpsUrlConnection: Trust anchor for certification path not found on 2.3

5
votes

there. I need to establish https connection with https://free.temafon.ru but I've got CertPathValidatorException on Android 2.3 and below. What have I done.

  1. Grab all certs from https://free.temafon.ru with Firefox.
  2. Import certs in keystore in sequence from temefon certificate to root certificate.

  3. Init ssl context:

    final KeyStore keystore = KeyStore.getInstance("BKS");

        keystore.load(getResources().openRawResource(R.raw.temafon),
                "W0d3Uoa5PkED".toCharArray());
    final TrustManager trustManager = new TemafonTrustManager(keystore);

    final SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[] { trustManager }, null);

    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
            .getSocketFactory());

    Here, I use custom TrustManager, because server sends certs in wrong order.

This code works fine on Android 4.0, but failed on 2.3 with java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. What I'm doing whrong?

I've created a test project, which can be found here.

1
androidsslhttpsssl-certificatehttpsurlconnection
did you find a solution to this? I am dealing with the same problem.jimbob
Unfortunately not, I ended up with accepting all certs for 2.3.Bracadabra

1 Answers

0
votes

When you say that you grabbed all the certificates with FireFox, did you also include the root CA?

Most likely, Android 2.3 does not have the root CA installed. Per this link,

In this case, the SSLHandshakeException occurs because you have a CA that isn't trusted by the system. It could be because you have a certificate from a new CA that isn't yet trusted by Android or your app is running on an older version without the CA.