java.security.cert.CertPathValidatorException：找不到证书路径的信任锚。 Android 2.3 [英] java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Android 2.3

问题描述

在我的服务器（生产服务器）中，我有一个goDaddy ssl证书。
我有iOS和Android应用程序连接服务器，iOS连接没有问题，android连接版本4. *一切都很好，但设备有2.3。*我总是得到SSLHandshakeException。

In my server (production server), I have a goDaddy ssl certificate. I have both iOS and Android apps connecting with the server, iOS connecting with no problems, android with versions 4.* everything is good, but with devices with 2.3.* I always get a SSLHandshakeException.

我在Android开发者页面上完全赞同（ https://developer.android.com/training/articles/security-ssl.html 。

I did exactly like on Android Developers page (https://developer.android.com/training/articles/security-ssl.html).

我已经在stackoverflow中看到了类似的线程（ 此处）但没有正在帮助。

I already saw similar threads here in stackoverflow (here) but none is helping.

然后我看到这个主题讨论扩展密钥用法，但在调试时我得到以下信息：

Then I saw this thread talking about Extended Key Usage, but when debugging I get the following information:

[2]: OID: 2.5.29.37, Critical: false
Extended Key Usage: [ "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2" ]

所以我猜证书不是强制扩展密钥用法。

So I guess the certificate is not "forcing" Extended Key Usage.

同样在这个线程还有一些其他可能的原因，例如日期/时间完全错误，这是一切都不存在。

Also on this thread there are some other possible causes such as date/time being completly wrong, wich are all not existent.

考虑到这一点，我现在不知道问题出在哪里。

Taking that into consideration, I now don't know where the problem might be.

有任何建议吗？

编辑：
下面的StackTrace：

StackTrace below:

08-04 16:54:30.139: W/System.err(4832): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 16:54:30.149: W/System.err(4832):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:161)
08-04 16:54:30.149: W/System.err(4832):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:664)
08-04 16:54:30.149: W/System.err(4832):     at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
08-04 16:54:30.159: W/System.err(4832):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:474)

推荐答案

看起来证书的发行人不在2.3设备的信托存储中。

It looks like the issuer of your certificate is not in the trust store of the 2.3 devices.

查看GoDaddy证书的根和中间ca，并检查2.3设备上是否存在证书。

Take a look at the root and intermediate ca's of your GoDaddy certificate and check whether the certificates are present on your 2.3 device.

参见 http://www.andreabaccega.com/blog/2010/09/23/android-root-certification-authorities-list/ 获取2.3证书列表。

See http://www.andreabaccega.com/blog/2010/09/23/android-root-certification-authorities-list/ for obtaining a list of 2.3 certificates.

当只有根CA可用时，请确保您的网络服务器还根据请求提供中间证书。

When only the root CA is available make sure that your webserver also serves the intermediate certificates upon request.

这篇关于java.security.cert.CertPathValidatorException：找不到证书路径的信任锚。 Android 2.3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！