6

I'm using the BouncyCastle provider and Apache HttpClient to trust an SSL certificate, as described by Antoine Hauck here.

The app I've made targets Android 1.5, and works fine on the emulator and a device running 3.0. However, when I try to test it on 2.2 (Galaxy S), an SSLException, "Not trusted Server Certificate", occurs.

Since there's no errors complaining about BouncyCastle itself, I'm assuming the device is not reading the certificates properly from the .bks file. Is what I'm attempting possible using BouncyCastle on Android version 2.2, or does something just need to be altered from the working 3.0 app?

Update

When I tried to run the app again today, it worked correctly the first time. I've tried it several times now, and it sometimes runs properly but sometimes still gets the SSLException. There doesn't seem to be any pattern to when this occurs - it might work a few times in a row and then fail repeatedly.

caroline
  • 291
  • 5
  • 12

1 Answers1

2

Could be the provider of the certificate is not trusted, try checking trusted providers

Dr.
  • 167
  • 3
  • 11
  • The provider should be trusted because the certificates have been added to a keystore which should be trusted by the app. There are no problems with the certificates/keystore themselves because the app works on an emulator and a 3.0 device. – caroline Jul 17 '11 at 15:40
  • Nevertheless I would take the Doctor's advice because that what that error message means. Check the certificate chain sent by the server and your truststore very carefully. It is likely that something is missing, like an intermediate certificate perhaps. – President James K. Polk Jul 17 '11 at 17:02
  • The certificate path contains the root cert, an intermediate one, and the website certificate. I'm certain the truststore has both the root and intermediate certs, could the app require that the website cert is also included? – caroline Jul 18 '11 at 08:05