0

我的应用程序正在尝试访问我的服务器并下载 PDF。我收到 SSLHandshakeException,我的服务器正在https通过Go Daddy. 证书有效期至 2015 年。

即使在我的设备受信任证书中,我也可以将Go Daddy其视为受信任证书。请给我一些解决方案:

这是我的例外:

08-04 02:35:01.740: W/System.err(19591): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 02:35:01.740: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:413)
08-04 02:35:01.740: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:257)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:210)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:477)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:432)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:282)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:232)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:80)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:164)
08-04 02:35:01.750: W/System.err(19591):    at com.virinchi.activity.LoginActivity$UnSignedDownloadManager.doInBackground(LoginActivity.java:626)
08-04 02:35:01.750: W/System.err(19591):    at com.virinchi.activity.LoginActivity$UnSignedDownloadManager.doInBackground(LoginActivity.java:1)
08-04 02:35:01.750: W/System.err(19591):    at android.os.AsyncTask$2.call(AsyncTask.java:264)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.FutureTask.run(FutureTask.java:137)
08-04 02:35:01.750: W/System.err(19591):    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
08-04 02:35:01.750: W/System.err(19591):    at java.lang.Thread.run(Thread.java:856)
08-04 02:35:01.750: W/System.err(19591): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:184)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:163)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:593)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:410)
08-04 02:35:01.750: W/System.err(19591):    ... 17 more
08-04 02:35:01.750: W/System.err(19591): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 02:35:01.750: W/System.err(19591):    ... 22 more

这是我的认证检查代码:

public class SSLFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");

public SSLFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
    super(truststore);

    X509TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };

    sslContext.init(null, new X509TrustManager[] { tm }, null);
}

public SSLFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
   super(null);
   sslContext = context;
}

@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}

public static HttpClient sslClient(HttpClient client) {
    try {
        X509TrustManager tm = new X509TrustManager() { 
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new SSLFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = client.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, client.getParams());
    } catch (Exception ex) {
        return null;
    }
}
}
4

1 回答 1

0

Sounds like you have to install the intermediate certificate on your webserver. It should be availabe from the distributor of the certificate.

于 2014-08-04T09:55:25.543 回答