I use the SSL Socket and Trustmanager from this side Self signed SSL
but i keep getting following error:
09-28 19:52:41.942: WARN/System.err(10101): javax.net.ssl.SSLHandshakeException: org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate signature.
What is wrong?
I already checked different posts on stackoverflow but i can`t seem to get it to work.
SchemeRegistry schemeRegistry = new SchemeRegistry(); // http scheme schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); // https scheme schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443)); params = new BasicHttpParams(); params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 1); params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(1)); params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(params, "utf8"); CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(new AuthScope("www.example.com", AuthScope.ANY_PORT), new UsernamePasswordCredentials("user", "password")); clientConnectionManager = new ThreadSafeClientConnManager(params, schemeRegistry); context = new BasicHttpContext(); context.setAttribute("http.auth.credentials-provider", credentialsProvider); DefaultHttpClient client = new DefaultHttpClient(clientConnectionManager, params); HttpGet get = new HttpGet("https://www.example.com/web/restricted/form/formelement=512663"); HttpResponse response = client.execute(get, context); Log.w("Response ","Status line : "+ response.toString());
As Michael Levy mentioned, the reason I was getting this exception is that I had left my Android Emulator open for a few days and the clock had gotten pretty far out of sync. Once I restarted the emulator, the exception went away.
Most probably server returned certificate chain with authorities you do not trust.
(means: authority certificates are not known to your device as trusted)
Solution: carefully examine certificates coming from HTTPS website, and add respective authorities to your truststore – but this part seems to be tricky
( here some explanations :
BTW，we could re-produce this error easily — just change the date of the phone to several years later.
NOTE: the error might be a little difference in different phone. Some might show that the certificate has expired.
Check the time of your device, correct it and then check again.