凌空请求通过https只能与WiFi（WLAN），但不支持3G / GPRS（UMTS） [英] Volley Request over https only works with Wifi (wlan) but not for 3G/GPRS (umts)

问题描述

由于我奉命要问这个问题，我自己的问题，我在这里做这个。结果
要查看<一个href=\"http://stackoverflow.com/questions/5172857/https-connection-works-over-wifi-wlan-but-not-for-3g-gprs-umts\">Original主题中，我第一次问我的问题（现已删除）。

我被困在同样的问题，笔者不幸的是，答案是没有帮助的。

要介绍一下我的问题更具体一点，我与Java图8（ - JDK v8.0.25）在互联网上我的Tomcat 8（v8.0.15）服务器上的自签名证书工作。我有我的主机的Java EE应用程序，这是我的Andr​​oid应用程序的后端。在Tomcat的SSL连接的工作，因为它应该。当我测试的后端与 RESTClient实现我得到的结果符合市场预期。结果
我创建了密钥库与一个证书：结果

 的keytool -genkey -alias tomcat的-keystore tomcat.keystore
-storepass MYKEYSTOREPASS -keyalg RSA -keysize 2048 -validity 365
 

然后我提取的证书：

 的keytool -export -alias tomcat的-storepass MYKEYSTOREPASS
-keystore tomcat.keystore -file tomcat.cer
 

最后我创造了BKS格式的新密钥库为我的Andr​​oid应用程序：

 的keytool -import -alias tomcat的-file tomcat.cer -keypass MYKEYSTOREPASS
-keystore tomcat.bks -storetype BKS -storepass MYKEYSTOREPASS
-providerClass org.bouncycastle.jce.provider.BouncyCastleProvider
-providerpath $ PATH_TO_BC_LIBRARY / bcprov-jdk16-146.jar
 

  

（如前所述这里了 -export和-import参数从previous
  发布，但仍然可用。所以，你也可以知道这个命令
  参数为-exportcert和-importcert）

完成这个步骤，我试图连接并一切正常后。但是，只有等我停用/离开我的WLAN连接。然后，它没有任何工作和更带来了一个javax.net.ssl​​.SSLPeerUnverifiedException：没有对方的证书。结果我真的不明白这种行为。

要照亮了Android方多一点点：结果
我用从在本教程中精确的方法相同。

如果缺了点什么，只是评论，我将带来的相关信息。

非常感谢事先！

解决方案

同时使对服务器故障的类似问题我的研究我得到了一个暗示，这可能是错的也：
<一href=\"http://serverfault.com/questions/560733/why-isnt-tomcat-serving-the-correct-ssl-certificate\">http://serverfault.com/questions/560733/why-isnt-tomcat-serving-the-correct-ssl-certificate
我尝试过了与丢失的参数keyAlias​​，和它的工作！该解决方案是最后 - 一个并非最佳Tomcat配置 - 像Ogre_BGR之前的预期。该连接器看起来是这样的：结果

 ＆LT;连接器端口=8443协议=HTTP / 1.1SSLEnabled =真
           = maxThreads150=计划https开头=安全真实
           clientAuth =假sslProtocol =TLS
           keystoreFile =PATH_TO_YOUR_KEYSTORE
           keystorePass =PASSWORD_FOR_YOUR_KEYSTORE
           keyAlias​​ =ALIAS_OF_YOUR_CERTIFICATE
           maxHttpHeaderSize =8192
           /＆GT;
 

默默的Tomcat只选取中发现的密钥库中的第一个关键，当没有keyAlias​​配置。提到在文档这里（底部）。

我希望有一天有人会很乐意阅读，而有同样的问题。

再次感谢@Ogre_BGR：）

Because I was instructed to ask this issue in my own question I'm doing this here.
To see Original Topic in which I first asked my question (deleted now).

I got stuck with the same Problem and unfortunately the answers of the author aren't helpful.

To introduce my issue a little bit more in detail, I work with a self signed certificate on my Tomcat 8 (v8.0.15) server on the internet with Java 8 (v8.0.25 - JDK). There I host my Java EE Application, which is the backend for my Android Application. The SSL connector of the Tomcat works as it should. When I test the backend with a RESTClient I get the result as expected.
I created the keystore with one certificate:

keytool -genkey -alias tomcat -keystore tomcat.keystore 
-storepass MYKEYSTOREPASS -keyalg RSA -keysize 2048 -validity 365

Then I extracted the certificate:

keytool -export -alias tomcat -storepass MYKEYSTOREPASS 
-keystore tomcat.keystore -file tomcat.cer

Lastly I created a new Keystore in the BKS format for my Android Application:

keytool -import -alias tomcat -file tomcat.cer -keypass MYKEYSTOREPASS 
-keystore tomcat.bks -storetype BKS -storepass MYKEYSTOREPASS 
-providerClass org.bouncycastle.jce.provider.BouncyCastleProvider
-providerpath $PATH_TO_BC_LIBRARY/bcprov-jdk16-146.jar

(as mentioned here the "-export" and "-import" parameter are from previous releases but still useable. So you could also know this command parameters as "-exportcert" and "-importcert")

After finishing this steps I tried to connect and everything went fine. But only till I deactivated/left my WLAN connection. Then it did not work any more and brings an "javax.net.ssl.SSLPeerUnverifiedException: No peer certificate".
I really do not understand this behaviour.

To brighten up the android side a little bit more:
I used the classes/library from this tutorial in exact the same way.

If something is missing, just comment and I will bring the infos.

Thanks a lot in advance!

解决方案

While making my research on Server Fault for similar issues I got a hint what could be wrong also: http://serverfault.com/questions/560733/why-isnt-tomcat-serving-the-correct-ssl-certificate I tried it out with the missing parameter "keyAlias", and it worked! The solution was finally - like Ogre_BGR expected before - a not optimal tomcat configuration. The connector looks like this:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="PATH_TO_YOUR_KEYSTORE"
           keystorePass="PASSWORD_FOR_YOUR_KEYSTORE"
           keyAlias="ALIAS_OF_YOUR_CERTIFICATE"
           maxHttpHeaderSize="8192"
           />

Tomcat silently picks only the first key it finds in the keystore, when no keyAlias is configured. Mentioned in the docs here (at the bottom).

I hope that some day somebody will be glad to read this, while having the same Problem.

Thanks again @Ogre_BGR :)

这篇关于凌空请求通过https只能与WiFi（WLAN），但不支持3G / GPRS（UMTS）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！