Android的 - SSLPeerUnverifiedException连接到Web服务使用的SSL证书从Thawte CA时
我得到一个SSLPeerUnverifiedException
I'm getting an SSLPeerUnverifiedException: "No Peer Certificate" when connecting to a web service from my Android app which is hosted on a server with an SSL certificate by Thawte CA.
请记住,我的方式在我的头上是当它涉及到的东西服务器端,而是一串我已经看到了这对解决方案的SO涉及公然信任任何证书。大部分的解决方案都是从2010年 - 2011年初。
Please bear in mind that I'm in way over my head when it comes to the server side of things, but a bunch of solutions I've seen for this on SO involve blatantly trusting any certificate. Most of the solutions are from 2010-early 2011.
我有两个问题,具体是:
I have two questions, specifically:
- 如何/我在哪里可以检查是否Thawte的CA是Android信任的CA
- 如何解决这个问题?
谢谢!
对于任何人寻找一个答案:大量的时间花了这么冲刷后的互联网,我得知可能有两个可能的原因:
For anyone looking for an answer: After loads of time spent scouring SO and the internet, I learned that there could be two possible causes:
- 安装不当中间证书的(这是不是这里的情况)
- 证书链的顺序不正确(这是这里的情况)。
这真是帮了我的答案是由SO用户 BDC 在此线程:Apache HttpClient的Android上的生产CertPathValidatorException(发行者名称!=主旨名称)。
The answer that really helped me out was by SO user bdc on this thread: Apache HttpClient on Android producing CertPathValidatorException (IssuerName != SubjectName).
总之,他建议通过运行的OpenSSL的s_client.First -connect server.domain.com:443,以检查链条的顺序。运行在Mac上的终端这个命令与其中API托管的服务器的域名表明链顺序是不正确的。
In short, he suggested to check the chain ordering by running the "openssl s_client -connect server.domain.com:443". Running this command on Mac Terminal with the domain name of the server where the API was hosted showed that the chain ordering was incorrect.
在订货固定在服务器端,瞧!一切工作都OK!
Once the ordering was fixed on the server side, voila! Everything works A-OK!