java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。 Android 2.3 [英] java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Android 2.3
问题描述
在我的服务器(生产服务器)中,我有一个goDaddy ssl证书。
我有iOS和Android应用程序连接服务器,iOS连接没有问题,android连接版本4. *一切都很好,但设备有2.3。*我总是得到SSLHandshakeException。
In my server (production server), I have a goDaddy ssl certificate. I have both iOS and Android apps connecting with the server, iOS connecting with no problems, android with versions 4.* everything is good, but with devices with 2.3.* I always get a SSLHandshakeException.
我在Android开发者页面上完全赞同( https://developer.android.com/training/articles/security-ssl.html 。
I did exactly like on Android Developers page (https://developer.android.com/training/articles/security-ssl.html).
我已经在stackoverflow中看到了类似的线程( 此处)但没有正在帮助。
I already saw similar threads here in stackoverflow (here) but none is helping.
然后我看到这个主题讨论扩展密钥用法,但在调试时我得到以下信息:
Then I saw this thread talking about Extended Key Usage, but when debugging I get the following information:
[2]: OID: 2.5.29.37, Critical: false
Extended Key Usage: [ "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2" ]
所以我猜证书不是强制扩展密钥用法。
So I guess the certificate is not "forcing" Extended Key Usage.
同样在这个线程还有一些其他可能的原因,例如日期/时间完全错误,这是一切都不存在。
Also on this thread there are some other possible causes such as date/time being completly wrong, wich are all not existent.
考虑到这一点,我现在不知道问题出在哪里。
Taking that into consideration, I now don't know where the problem might be.
有任何建议吗?
编辑:
下面的StackTrace:
StackTrace below:
08-04 16:54:30.139: W/System.err(4832): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 16:54:30.149: W/System.err(4832): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:161)
08-04 16:54:30.149: W/System.err(4832): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:664)
08-04 16:54:30.149: W/System.err(4832): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
08-04 16:54:30.159: W/System.err(4832): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:474)
推荐答案
看起来证书的发行人不在2.3设备的信托存储中。
It looks like the issuer of your certificate is not in the trust store of the 2.3 devices.
查看GoDaddy证书的根和中间ca,并检查2.3设备上是否存在证书。
Take a look at the root and intermediate ca's of your GoDaddy certificate and check whether the certificates are present on your 2.3 device.
参见 http://www.andreabaccega.com/blog/2010/09/23/android-root-certification-authorities-list/ 获取2.3证书列表。
See http://www.andreabaccega.com/blog/2010/09/23/android-root-certification-authorities-list/ for obtaining a list of 2.3 certificates.
当只有根CA可用时,请确保您的网络服务器还根据请求提供中间证书。
When only the root CA is available make sure that your webserver also serves the intermediate certificates upon request.
这篇关于java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。 Android 2.3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!