Handling custom SSL Certificates on Android and fixing SSLHandshakeException.
In case you run into the dreaded SSLHandshakeException:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
the possible causes are the following:
1. The CA that issued the server certificate was unknown
2. The server certificate wasn’t signed by a CA, but was self-signed
3. The server configuration is missing an intermediate CA
For troubleshooting run
where we can see that there is a self-signed certificate in the certificate chain:
depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
verify error:num=19:self signed certificate in certificate chain
There are 3 solutions to this:
- Either fix the server SSL certificates: have officially signed certificates and intermediate certificates in the entire certificate chain, in which case you’re done.
- or use the specific server certificate during HTTPS calls
- or trust all hosts (worst solution, never do this!)
This method usually runs only during the very first app start.
But that won’t fix the issue of self-signed certificates.
This can be remedied by adding your server SSL certificate during HTTPS calls. For that you need to:
- Download the SSL certificate from your server
Here is the helper to load your SSL certificate from your assets folder:
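One way to write such a helper, as an added example that is not the original post's code. The class name BundledCertTrust and the asset file name server.crt are assumptions; the calls are the standard Android and JSSE APIs.

```java
import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example: trust only the certificate(s) bundled in the app's assets. */
public final class BundledCertTrust {
    // Assumption: the downloaded PEM or DER certificate was saved as assets/server.crt.
    private static final String ASSET_NAME = "server.crt";

    /** Builds an SSLContext whose trust anchors are only the bundled certificates. */
    public static SSLContext load(Context context)
            throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null); // start from an empty in-memory store
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        int count = 0;
        try (InputStream in = context.getAssets().open(ASSET_NAME)) {
            // generateCertificates() accepts a single certificate or a PEM bundle.
            for (Certificate cert : factory.generateCertificates(in)) {
                keyStore.setCertificateEntry("bundled-" + count++, cert);
            }
        }
        if (count == 0) {
            throw new GeneralSecurityException("No certificate found in " + ASSET_NAME);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext;
    }

    /** Opens a connection that uses the bundled trust; hostname verification stays on. */
    public static HttpsURLConnection open(Context context, URL url)
            throws IOException, GeneralSecurityException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(load(context).getSocketFactory());
        return conn;
    }
}
```

Because the key store starts empty, connections made through this socket factory validate only against the bundled certificate and do not consult the system CA store, so use it only for calls to your own server.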