问题
I use the SSL Socket and Trustmanager from this side Self signed SSL
but i keep getting following error:
09-28 19:52:41.942: WARN/System.err(10101): javax.net.ssl.SSLHandshakeException: org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate signature.
What is wrong? I already checked different posts on stackoverflow but i can`t seem to get it to work.
My code:
SchemeRegistry schemeRegistry = new SchemeRegistry();
// http scheme
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// https scheme
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
params = new BasicHttpParams();
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 1);
params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(1));
params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "utf8");
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(new AuthScope("www.example.com", AuthScope.ANY_PORT),
new UsernamePasswordCredentials("user", "password"));
clientConnectionManager = new ThreadSafeClientConnManager(params, schemeRegistry);
context = new BasicHttpContext();
context.setAttribute("http.auth.credentials-provider", credentialsProvider);
DefaultHttpClient client = new DefaultHttpClient(clientConnectionManager, params);
HttpGet get = new HttpGet("https://www.example.com/web/restricted/form/formelement=512663");
HttpResponse response = client.execute(get, context);
Log.w("Response ","Status line : "+ response.toString());
回答1:
As Michael Levy mentioned, the reason I was getting this exception is that I had left my Android Emulator open for a few days and the clock had gotten pretty far out of sync. Once I restarted the emulator, the exception went away.
回答2:
Most probably server returned certificate chain with authorities you do not trust. (means: authority certificates are not known to your device as trusted) Solution: carefully examine certificates coming from HTTPS website, and add respective authorities to your truststore - but this part seems to be tricky
( here some explanations : http://groups.google.com/group/android-security-discuss/browse_thread/thread/0bf726de4f5275a3/391b900631d7f358 )
回答3:
BTW,we could re-produce this error easily -- just change the date of the phone to several years later.
NOTE: the error might be a little difference in different phone. Some might show that the certificate has expired.
回答4:
Check the time of your device, correct it and then check again.
来源:https://stackoverflow.com/questions/7588082/could-not-validate-certificate-signature