Webrtc Android native CertPathValidatorException

Question

I can't connect to my website build from source code of appr.tc:

I'm building app android at https://webrtc.org/native-code/android/

Description

My chrome can connect ok with my apprtc website, but in android error: CertPathValidatorException cannot find path of cert file. My apprtc room website also using https with trusted CA, It uses stunnel for change from http to https with cert file, chrome is no error with this cert file.

Steps to reproduce

change default url from appr.tc to my website and connect

Expected results connect ok

Actual results error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Log

2019-04-06 11:43:39.185 27930-28277/org.appspot.apprtc E/Conscrypt: Serial Number: wdadsadsasadsa234333434324323433 2019-04-06 11:43:39.186 27930-28277/org.appspot.apprtc E/Conscrypt: SubjectDN:
CN=www.mywebsite.com, OU=PositiveSSL, OU=Domain Control Validated 2019-04-06 11:43:39.188 27930-28277/org.appspot.apprtc E/Conscrypt: IssuerDN: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB 2019-04-06 11:43:39.190 27930-28277/org.appspot.apprtc E/Conscrypt: Get not before: Mon Mar 04 07:00:00 GMT+07:00 2019 2019-04-06 11:43:39.191 27930-28277/org.appspot.apprtc E/Conscrypt: Get not after: Wed Mar 04 06:59:59 GMT+07:00 2020 2019-04-06 11:43:39.191 27930-28277/org.appspot.apprtc E/Conscrypt: Sig ALG name:
SHA256withRSA 2019-04-06 11:43:39.192 27930-28277/org.appspot.apprtc E/Conscrypt: Signature:
-sadsadsadsa4545434esadfsadfdsfsadsadsadsae5435434e54 2019-04-06 11:43:39.268 27930-28277/org.appspot.apprtc E/Conscrypt: Public key:
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 82 01 0f 00 30 82 01 0a 02 82 01 01 00 aa 0b 5d b6 7c 81 fc
 58 20 d3 51 da b3 75 0a c0 64 04 8a 15 d1 90 fe fd d9 db 42
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 c3 d2 c9 2c 82 21 33 ae 11 eb 93 01 1a df 91 d0 b5 c1 23 c9
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 96 53 c1 91 bf d7 e8 7b cb 75 1e f5 9a de 05 c3 c7 cd 35 d6
 7c 9d bb 10 c0 8c f8 5a 1d d3 bf ef a5 00 3c 50 5e 26 a3 00
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 b6 7d 8a b6 a7 60 2e bd ff 69 f2 f4 b7 2b 22 af d7 5d 36 52
 a6 c4 61 69 a4 86 c7 fa 79 07 b8 e6 e5 28 68 65 81 a0 a5 73
 44 d2 ec b9 7b 85 a6 b8 f6 92 91 29 df a3 4e 18 d9 8c be f2
 38 5b ee e6 68 fd 8c 67 2d 02 03 01 00 01 2019-04-06 11:43:39.277 27930-28277/org.appspot.apprtc E/RoomRTCClient: Room connection error:
HTTP POST to https://mywebsite.com/join/12345699 error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 2019-04-06 11:43:39.277 27930-28277/org.appspot.apprtc E/WSRTCClient: HTTP POST to https://mywebsite.com/join/12345699 error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Test your webserver with https://www.ssllabs.com/ssltest If your CA is trusted on Android I assume that your sever is missing to send also the intermediate CA certificates. This may prevent Android form correctly verifying the cert of your site. — Robert, Apr 06 '19 at 12:42
omg I forgot intermediate CA certificates in my crt file, thank you very much — nobjta_9x_tq, Apr 06 '19 at 17:34

score 0 · Answer 1 · answered Apr 06 '19 at 17:35

Thank you Robert, I resolved issue when take a look at crt file of stunnel config and add intermediate CA certificates following: https://serverfault.com/questions/254795/how-do-i-ensure-that-stunnel-sends-all-intermediate-ca-certs/254804#254804

Now this error dissapeared.

Webrtc Android native CertPathValidatorException

1 Answers1