When I connect to a server with an official SSL certificate, i get a
javax.net.ssl.SSLHandshakeException
java.security.cert.CertPathValidatorException: Trust Anchor for
certification path not found.
But when I run this app on an Android-phone, it works. Any solutions?
Best regards!
I found it out myself. Avast puts it own SSL certificate and Android does not trust this.
Related
I am trying to connect to my webserver with Android apps which are using okhttp. The webserver is using an SSL certificate signed by my own personal CA. The CA is added to the phone/tablet, but I get the following error:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
The server contains the complete certificate chain. Should this work in principle? Does okhttp trust added personal CAs?
The https connection works without problems in the browser and other apps not using okhttp.
I encountered this error on Google Chrome on my Windows10.
I solved by installing the certificate and now is working fine.
How could I be sure the certificate is coming from Google and not from a Man-In-The-Middle, maybe due to some kind of malware for instance?
Thanks.
Google cert is issued by Google CA. Public cert is available on https://pki.google.com.
Does anyone know if it is possible to pass a client certificate to the SocketRocket library (square-bindings).... basically a handshake..
The answer is 'no'.
Turns out client certificate support has been removed. (deprecated)
I am trying to make websocket connection to a backend server that uses a self-signed certificate. In firefox I've added an exception for the self-signed cert.
However my websocket connection wss:// fails to connect. I get a close event with code 1006 which is a catch all code.
Chrome and IE websockets work. Since I am using windows, I've installed the cert using certmgr.exe as a trusted cert.
My guess right now is that firefox websockets do not work with certificate exceptions and need to be trusted.
Has this scenario worked for anyone else?
Just in case it could help anyone, what is mentioned in OP's answer is not true at this time of writing (v61.0.1).
I navigated to the address of my WS server using https, as any WS server is practically an HTTP server, then the usual invalid certificate screen appeared and allowed me to add an exception. After that any wss connection made to the same host and port is successful.
Firefox works with secure websockets (wss://) only when the certificate of the site is trusted.
With a self-signed certificate I was able to browse the site by adding an exception to the certificate. The exception is not used for websockets and the connection was dropped during the ssl handshake.
Instead I created my own Root CA cert and then another signed cert for the webserver. In Options > View Certificates > Authorities I imported the Root cert. Now firefox is able to connect over secure websockets without any issue.
Firefox does not allow for importing of self-signed certs as Authorities. Windows Certificate manager allows importing of self signed certs into the "Trusted Root Certificate Authorities" list.
after recent windows updates (Windows 7) - I'm getting error when verifying digital signature on some files.
The verification fails for Countersignature certificate:
Anyone has the same issue? Or maybe found a resolution?
Thanks,
Zahar
Looks like a connectivity issue - the CRL for some certificate can not be downloaded by he client. You need to inspect the certificates on the screenshot, check their properties and find CRL Distribution Point extension there. It's likely that you will find http://crl.verisign.com/tss-ca.crl there. Then you need to check if you can connect to this URL from the browser. If you can't, then the problem is either in the firewall or in some other network component.