Lost ability to connect to my HTTPS site from Android application: Trust anchor for certification path not found

from–https://stackoverflow.com/questions/68065697/lost-ability-to-connect-to-my-https-site-from-android-application-trust-anchor

Asked 
Viewed 374 times

0

I have two mobile applications, which access my site https://example.com from inside. Recently, I have prolonged certificate for one year and replaced it on nginx’ config.

Now web browsers open site well, iOS application opens site well, but Android application doesn’t open it saying

Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

with the code

    myUrl = URL("https://example.com")
    try {
        conn = myUrl.openConnection() as HttpsURLConnection
        conn.readTimeout = 10000
        conn.connectTimeout = 15000
        conn.requestMethod = "POST"
        conn.doInput = true
        conn.doOutput = true
        conn.setChunkedStreamingMode(0)


        val postData = URLEncoder.encode(...

        val os = conn.outputStream

What it wants and how to fix?


Reinstall doesn’t help. Running under debugger shows this error.

1 Answer

0

It was a problem with certificate on my site, not in the application. By some reason, only Android application was sesitive to this problem. iOS application and all web browsers were reporting certificate is ok. SSL check sites like digicert.com were reporting chain problems.

What I did is I took this file pointed by nginx

ssl_certificate /etc/ssl/certs/my_certificate.crt;

which had only one certificate inside and then pasted two other certificates from my provider. These additional certificates were entitled “root” and “intermediate”.

After that problem was gone.

上一篇
下一篇