Trust Anchor not found for Android SSL Connection

Question

I am trying to connect to an IIS6 box running a godaddy 256bit SSL cert, and I am getting the error :

java.security.cert.CertPathValidatorException: Trust an         


        

Answer 1

I have had a similar problem and I have completely ruled out the strategy of trusting all sources.

I share here my solution applied to an application implemented in Kotlin

I would first recommend using the following website to obtain information about the certificate and its validity

If it does not appear as an 'Accepted Issuers' in the Android default trust store, we must get that certificate and incorporate it into the application to create a custom trust store

The ideal solution in my case was to create a high-level Trust Manager that combines the custom and the Android default trust store

Here he exposes the high level code used to configure the OkHttpClient that he used with Retrofit.

override fun onBuildHttpClient(httpClientBuild: OkHttpClient.Builder) {

        val trustManagerWrapper = createX509TrustManagerWrapper(
            arrayOf(
                getCustomX509TrustManager(),
                getDefaultX509TrustManager()
            )
        )

        printX509TrustManagerAcceptedIssuers(trustManagerWrapper)

        val sslSocketFactory = createSocketFactory(trustManagerWrapper)
        httpClientBuild.sslSocketFactory(sslSocketFactory, trustManagerWrapper)

    }

In this way, I could communicate with the server with a self-signed certificate and with other servers with a certificate issued by a trusted certification entity

This is it, I hope it can help someone.