I bought a valid wildcard certificate from namecheap.com for my domain neelo.de. Now I try to connect via WSS from Android and I always get "javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.". But I don't know why. The certificate is not self-signed and I read the docs from Google at: https://developer.android.com/training/articles/security-ssl.html
But these problems should only occur with self-signed certificates. I tried it with Node.js and it works fine:

    WebSocket = require "ws"
    ws = new WebSocket("wss://api.neelo.de")
    ws.on "open", -> console.log "OPEN"
    ws.on "close", -> console.log "CLOSE"
    ws.on "error", (err) -> console.log err
    ws.on "message", (data) -> console.log data

Here is my Android code for loading the keystore:

    public WebSocketClient(Context context) throws Exception {
        super(new URI("wss://api.neelo.de"), new Draft_76());
        this.context = context;
        this.messageReceiver = messageReceiver;
        configureKeyStore();
    }

    void configureKeyStore() throws Exception {
        Log.d(TAG, "Configure key store");
        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        InputStream in = getContext().getResources().openRawResource(R.raw.android_keystore);
        ks.load(in, STORE_PASSWORD.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, STORE_PASSWORD.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLSocketFactory factory = sslContext.getSocketFactory();
        super.setSocket(factory.createSocket());
    }

Does anybody have an idea? Thanks for the help! This problem has already cost me 3 days...
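
Calling `tmf.init(ks)` with a custom keystore makes the certificate entries in that keystore the only trust anchors, so the platform's CA roots are no longer consulted; `init(null)` selects the platform default store instead. The following is an added example, not code from the original post, that compares the two and builds a socket factory on the default store; the class `TrustAnchorCheck`, its method names and the empty in-memory keystore standing in for `R.raw.android_keystore` (whose contents the post does not show) are assumptions.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class, not part of the original post.
public class TrustAnchorCheck {

    // Build trust managers from a keystore; passing null selects the
    // platform's default trust store (the system CA roots).
    static TrustManager[] trustManagers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // Count the CA certificates the trust managers will accept as anchors.
    static int anchorCount(TrustManager[] tms) {
        int n = 0;
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                n += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return n;
    }

    // Socket factory for a server with a CA-issued certificate: no client
    // key managers, platform trust store, default SecureRandom.
    static SSLSocketFactory systemTrustFactory() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers(null), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a bundled keystore with no CA entries.
        KeyStore custom = KeyStore.getInstance(KeyStore.getDefaultType());
        custom.load(null, null);
        System.out.println("anchors, custom keystore: " + anchorCount(trustManagers(custom)));
        System.out.println("anchors, platform store:  " + anchorCount(trustManagers(null)));
        systemTrustFactory(); // would be passed to setSocket(factory.createSocket())
    }
}
```

Running the same count against the real bundled keystore shows whether it contains the issuing CA at all; certificate validation stays enabled in both configurations.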