Android WebView获取sslError SSL_UNTRUSTED但证书有效 [英] Android webview get sslError SSL_UNTRUSTED but certificate is valid

问题描述

我已经在WebViewClient中实现了 onReceivedSslError 方法，以正确处理Webview中的无效https证书:

I've implemented onReceivedSslError method in my WebViewClient to properly handle invalid https certificate in webview:

@Override
        public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
            final AlertDialog.Builder builder = new AlertDialog.Builder(WebActivity.this);
            String message = "SSL Certificate error.";
            switch (error.getPrimaryError()) {
                case SslError.SSL_UNTRUSTED:
                    message = "The certificate authority is not trusted.";
                    break;
                case SslError.SSL_EXPIRED:
                    message = "The certificate has expired.";
                    break;
                case SslError.SSL_IDMISMATCH:
                    message = "The certificate Hostname mismatch.";
                    break;
                case SslError.SSL_NOTYETVALID:
                    message = "The certificate is not yet valid.";
                    break;
            }
            message += " Do you want to continue anyway?";

            builder.setTitle("SSL Certificate Error");
            builder.setMessage(message);
            builder.setPositiveButton("continue", (dialog, which) -> handler.proceed());
            builder.setNegativeButton("cancel", (dialog, which) -> handler.cancel());
            final AlertDialog dialog = builder.create();
            dialog.show();
        }

当网页视图加载我的网页时，检测到 SslError.SSL_UNTRUSTED 错误.但是，如果我在Chrome(无论是台式机还是移动版)中打开相同的确切网址，则该证书被视为有效且受信任:

When the webview loads my webpage the SslError.SSL_UNTRUSTED error is being detected. However if I open the same exact url in chrome (both desktop or mobile) the certificate is considered valid and trusted:

为什么会这样?

推荐答案

对我来说，这是我尝试连接的服务器的问题.它的中间证书链断了.重定向服务器的链断了.当链条断开时，Webview无法解决，因为它不知道在哪里寻找正确的证书.

For me this was an issue with the server I was trying to reach. It had a broken intermediate certificate chain. It was the redirect server that had a broken chain. When there is a broken chain the webview has no way to resolve because it does not know where to look for the correct cert.

使用此工具检查常见的错误配置.还要确保检查所有重定向.

Use this tool to check for common misconfigurations. Be sure to check any redirects as well.

Android不支持权威信息访问

Android does not support Authority Information Access

因此没有 AIA提取

但是?！..它可以在浏览器中使用是的，它可以在浏览器中使用，因为所有浏览器都附带有一个中间列表，以便在证书链断开时重新使用.

But?!.. it works in browsers Yes, It works in browsers because all browsers carry around a list of intermediates to fall back on when the cert has a broken chain.

解决方案::修复服务器上的证书链.

Solution: Fix certificate chain on server.

这篇关于Android WebView获取sslError SSL_UNTRUSTED但证书有效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！