Android Emulator "Chain Validation Failed" connecting developers machine with self-signed cert

44
votes

I have an Android Studio project that calls a web based API service. When the service code is in dev, qa, prod etc. There are NO certificate issues but when trying to hit the web api developers box to test a new feature / bug fix / etc. I get:

No reply because of error:

javax.net.ssl.SSLHandshakeException: Chain validation failed

at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)

I had the self signed certificate exported from the service developers machine WITHOUT the private key DER encoded. I dropped onto the emulator and it "installed" but this did not work.

I took the same cert above and copied to the emulated sd card. Then installed from security settings in emulator. Same result. Chain validation failed.

Now my security / certificate knowledge is very basic. I think the error actually describes the problem. There is no chain in a self signed certificate...but I could be wrong.

Regardless, how do I work around this?

I desire to be able to run my Android code and hit the developers box for testing / debugging etc.

I have read post like this one only to have the corporate environment I am in blocking the sites for open SSL etc.

https://android.stackexchange.com/questions/61540/self-signed-certificate-install-claims-success-but-android-acts-as-if-cert-isn

I am accessing the service through a WebView.

7
androidsslandroid-emulatorssl-certificate
User-installed certs are not applied by default on Android 7.0+. How specifically are you accessing this server? OkHttp3? HttpUrlConnection? WebView? Something else?CommonsWare
Arrgghh good question. I will update OP with the information.GPGVM
I'm not sure that there's a good production-grade recipe for using WebView with a server with a self-signed certificate. If you search for android webview self-signed certificate on search engines, you'll come up with stuff like this, which will get your app kicked out of the Play Store. I haven't done an exhaustive search on the subject, though, so perhaps there is a solution out there that I don't know of.CommonsWare

7 Answers

185
votes

A cause of this problem can be wrong date time of the device

24
votes

I was getting

javax.net.ssl.SSLHandshakeException: Chain validation failed

and

java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date

the solution that worked for me was to force cold boot the emulator via Virtual Device Manager -> Actions dropdown -> Cold Boot Now

13
votes

Just restarting the Emulator solved this error. Long press the Power off button in the emulator menu and select Restart.

4
votes

consider to use alternative internet connection when you got this issue

I've check time dan date, restarting my emulator, even my mac, apparently on my case

this error raised because I have shitty internet connection.

javax.net.ssl.SSLHandshakeException: Chain validation failed

extra: I think this exception need to be more explicit because it has so many triggers

extra2: maybe strict firewalls from your network also could make this happens

1
votes

I know this is an old Question, but I had a similar problem, with a completely different solution.

Make sure your SSL isn't expired. Once I fixed that problem I was no longer getting "javax.net.ssl.SSLHandshakeException: Chain validation failed" errors. I had other issues, but that's a different thread.

It sounds like such an obvious solution, but it's something to look into and not necessarily the first thing on people's mind.

0
votes

I wiped out all the data of the emulator and booted it up again, installed the app and everything was working. But seen other solution I think now that it might been an overkill.

0
votes

This Kind of exceptions will occur if you are calling HTTPS API and the device date time is incorrect.

It means the connection certificate is not valid because of date time is incorrect. That's why SSL Handshake get failed.

Solution: handle exceptions of APIs and show toast/snackbar/page to the user to change device date time.

Ex exceptions:

javax.net.ssl.SSLHandshakeException: Chain validation failed
...
Caused by: java.security.cert.CertificateException: Chain validation failed
...
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
...
Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Thu Aug 26 05:30:00 GMT+05:30 2021 (compared to Wed Mar 16 17:03:55 GMT+05:30 2016)
...