Handling custom SSL Certificates on Android and fixing SSLHandshakeException.

Jan Rabe
Jan Rabe
Mar 9, 2018 · 1 min read

In case you run into the dreaded SSLHandshakeException

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

There are the following possible causes


1. The CA that issued the server certificate was unknown
2. The server certificate wasn’t signed by a CA, but was self signed
3. The server configuration is missing an intermediate CA

For troubleshooting run

where we can see that there is a self signed certificate in certificate chain

depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
verify error:num=19:self signed certificate in certificate chain
verify return:0

There are 3 solutions to this:

  • Either fix server ssl certificates: have officially signed certificates and intermediate certificates in the entire certificate chain. In which case you’re done.
  • or use the specific server certificate during https calls
  • or trust all hosts (worst solution, never do this!)

First of all make sure to have the latest security provider installed using Google Play Service ProviderInstaller during app start by using Google’s gms plugin)

This method usually runs only during the very first app start.

But that won’t fix the issue of self-signed certificates.

This can be remedied by adding your server ssl certificate during https calls. For that you need to:

  1. Download ssl certificate from your server

2. and add certificate to your https client, in our case OkHttp which is usually used in retrofit.

Here is the helper to load your ssl certificate from your asset folder:

Jan Rabe

Written by

Jan Rabe

Android & Unity3D VR/AR Developer and Technocrat at Exozet https://github.com/kibotu

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade