使用自签名的证书和CA的Andr​​oid SSL的HTTP请求 [英] Android SSL HTTP Request using self signed cert and CA

问题描述

我有一个连接到我们举办了SSL的Web服务的android应用。 Web服务器是Apache和拥有我们创建了自己的CA和自签名的SSL证书。

I have an android application that is connecting to an SSL web service that we host. The Web server is apache and has its own CA that we created and a self signed SSL certificate.

我已经进口了CA证书到Android平板电脑在安全性用户的信赖证书部分。

I have imported our CA certificate onto the Android tablet in the User Trusted certificates section in Security.

我已经测试访问Web服务器，可以确认Web服务证书显示为有效的（下图）

I have tested access to the web server and can confirm that the web service certificate shows as valid (screenshot below)

下面是在安全设置的证书：

Here is the certificate in the security settings:

现在，当我尝试访问web服务在我的应用程序，我得到了没有同行证书异常被触发。

Now when I try and access the webservice in my application I get the "No Peer Certificate" exception being triggered.

这是SSL实现简化的：

This is the SSL implementation simplified:

public class MainActivity extends Activity {

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    // allows network on main thread (temp hack)
    StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build(); 
    StrictMode.setThreadPolicy(policy);

    SchemeRegistry schemeRegistry = new SchemeRegistry();
    //schemeRegistry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
    schemeRegistry.register(new Scheme("https", newSSLSocketFactory(), 443));


    HttpParams params = new BasicHttpParams();

    SingleClientConnManager mgr = new SingleClientConnManager(params, schemeRegistry);

    HttpClient client = new DefaultHttpClient(mgr, params);

    HttpPost httpRequest = new HttpPost("https://our-web-service.com");

    try {
        client.execute(httpRequest);
    } catch (Exception e) {
        e.printStackTrace(); //
    }
}

/* 
 * Standard SSL CA Store Setup //
 */
private SSLSocketFactory newSSLSocketFactory() {

    KeyStore trusted;

    try {
        trusted = KeyStore.getInstance("AndroidCAStore");
        trusted.load(null, null);
        Enumeration<String> aliases = trusted.aliases();

        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate cert = (X509Certificate) trusted.getCertificate(alias);
            Log.d("", "Alias="+alias);
            Log.d("", "Subject DN: " + cert.getSubjectDN().getName());
            Log.d("", "Issuer DN: " + cert.getIssuerDN().getName());
        }      

        SSLSocketFactory sf = new SSLSocketFactory(trusted);
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

        return sf;

    } catch (Exception e) {
        // TODO Auto-generated catch block
        throw new AssertionError(e);
    }  
}

}

while循环刚刚吐出来的证书，我可以看到我自己的CA在日志中。但我仍然得到没有对等证书的异常。

The while loop just spits out the certificates and I can see my own CA in the logs. But I still get the "No Peer Certificate" exception.

10-17 18：29：01.234：我/的System.out（4006）：没有对方的证书

10-17 18:29:01.234: I/System.out(4006): No peer certificate

我必须以某种方式来手动加载我的CA证书在此实现？

Do I have to manually load my CA certificate somehow in this implementation?

推荐答案

通过解决：HttpsURLConnection

Solved by using: HttpsURLConnection

URLConnection conn = null;
URL url = new URL(strURL);
conn = url.openConnection();
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;

这似乎很好地工作与用户安装的CA证书。

This seems to work fine with user installed CA certificates.

这篇关于使用自签名的证书和CA的Andr​​oid SSL的HTTP请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！