Problems with https (No peer certificate) in android

Question

Problem

I want to send https request to the site https://10.2.20.20/fido/EzPay/login.php my own server and get response from it and save it for example in a string

Answer 1

The request method POST is inappropriate for the URL /. That’s all we know.

Example 1 doesn't work because it seems that you are not allowed to send POST request to that page. Try:

/* ... */
HttpGet httpGet = new HttpGet(url);
HttpResponse response = httpClient.execute(httpGet);
/* ... */

Example 2 doesn't work because you don't accept the website certificate as an accepted certificate, so it should also be like this:

/* ... */
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
registry.register(new Scheme("https", socketFactory, 443));
SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());
/* ... */

Answer 2

Have you tried to open the page with a browser ? If its not opening your Configuration is wrong.

Note if your using a Self-Signed-Certificate you may get some connection problems. Some Android Kernel Versions (prior to 2.6.32.9) dont like Self-Singed-Certificates.

Answer 3

Finally I have solved https problem. As I fought the main problem was in server, concretely in certificate. Android supports only “BKS” certificate and that’s was the reason that we can’t get response from the server. In order to solve this issue I have read more then 30 articles and finally found solution.

The steps which I done to solve this issue you can see below:

First thing that I do was generating .bks keystore file from our fidoserver.crt certificate, in order to do that I have read this article and do following:

1. Open cmd
2. Go to JDK folder “cd X:\Programs\Java\Jdk6\bin”
3. Call following command:

keytool -import -alias tomcat -file X://KeyStore/fidoserver.crt -keypass password - keystore X://KeyStore/keystore.bks -storetype BKS -storepass 222222 -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath X://KeyStore/bcprov-jdk16-146.jar

Before running this command I have download Bouncy Castle .jar file and put it in the folder with certificates. After doing this all steps I get keystore.bks file which is the right certificate file for Android application. I put this file in Androids mnc/sdcard folder. In java code I have write following code to read that keystore.bbk file

KeyStore trustStore  = KeyStore.getInstance( "BKS" /*KeyStore.getDefaultType()*/ );
FileInputStream instream = new FileInputStream(new File("/mnt/sdcard/keystore.bks"));
try {
    trustStore.load(instream, "222222".toCharArray());
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
} catch (CertificateException e) {
    e.printStackTrace();
} catch (IOException e) {
    e.printStackTrace();
} finally {
    try { instream.close(); } catch (Exception ignore) {}
}

// Create socket factory with given keystore.
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);

HttpGet httpget = new HttpGet("https://10.2.20.20/fido/EzPay/login.php");

System.out.println("executing request " + httpget.getRequestLine());

HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();

System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
    System.out.println("Response content length:  " + entity.getContentLength());
}
            
// Print html.
BufferedReader in = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
String line = "";
while ((line = in.readLine()) != null) {
     System.out.println(line);
}
in.close();

This all allow m to load our certificate with given password 222222 (password we give when create a keystore with keytool).

After this all my test application start to work correctly. Now I can send request to https and get response from it. I have tested application with FIDO server, everything works great! I think on Monday I will make some changes in EzPay application and it will start working with https connections.

References

• Using TLS with Apache Tomcat and Android
• SSL Verification for Android Applications
• KeyStore
• Android: Trusting SSL certificates
• Bouncy Castle
• Android/Java — How to Create HTTPS Connection?