您的位置: 首页  >  技术问答  >  使用digicert更新服务器中的证书后,Android ssl证书错误

使用digicert更新服务器中的证书后,Android ssl证书错误

分类: 技术问答 2022-06-05 20:56:38
问题描述:

我一直在原始文件夹下的android应用程序中使用服务器团队提供的ssl证书密钥.最初运行良好.

I have been using the ssl certificate key provided by the server team in android application under raw folder.It was working fine initially.

     CertificateFactory cf = CertificateFactory.getInstance("X.509");

        InputStream caInputMmx = new BufferedInputStream(this.getAssets().open("123.crt"));
        Certificate caMmx = cf.generateCertificate(caInputMmx);
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("caMmx", caMmx);
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        client.setSslSocketFactory(context.getSocketFactory());

几天后,证书过期,服务器团队更新了该证书.从那时起,我们的android应用程序停止工作并出现以下异常

After some days ,the certificate got expired and the server team renewed the certificate.From that point of time our android application stopped working with below exception

com.android.volley.NoConnectionError:javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚.

在使用服务器上的新续订证书时,我们的应用程序可以正常工作.是否有任何解决方法可从服务器上修复此问题,而不是每次都在应用程序中更新新证书?因为如果用户不更新应用程序,我们的应用程序将无法正常工作.因此,有什么方法可以解决此问题,而不是每次证书过期时都在应用程序中更新证书.

On using the new renewed certificate from server our application works fine .Is there any workaround to fix this from server rather updating the new certificate in application every time ? Because if the user does not update the application , our app is not going to work. So is there any way to solve this issue instead of updating the cert in application every time if the certificate is expired .

评论后,提供一些其他信息.

After comments , providing some additional informations .

密钥库:我正在使用默认密钥库.CA:我使用的是DigigicertCA.这些家伙值得信赖.

Keystore : I am using default keystore . CA : I am using digicert CA.These guys are trusted .

这种问题通常是由缺少链证书引起的.针对 SSLLabs 检查您的网站,并查找链不完整的报告.请注意,Chrome之类的桌面浏览器可能仍能正常工作,因为它们会缓存早期连接中的链证书,有时甚至会主动尝试从互联网上检索丢失的链证书.

This kind of problem is often caused by a missing chain certificate. Check your site against SSLLabs and look for reports of incomplete chain. Note that desktop browser like Chrome might still work because they cache chain certificates from earlier connections and sometimes even actively try to retrieve missing chain certificates from the internet.

相关推荐