在Android中添加自签名证书时出错

时间:2016-06-17 05:21:24

标签: android ssl ssl-certificate self-signed

我尝试使用改造并按照此网站上的说明从Android设置自签名证书:https://adiyatmubarak.wordpress.com/2016/01/19/adding-ssl-certificate-to-retrofit-2/

完成后,我收到以下错误:

 06-17 00:36:01.574 9898-9898/com.creardigitalm.samsungconciergeargentina     
    E/checkIfS7OrS7EdgeByModel: onFailure: Hostname ec2-54-187-245-213.us-west-2.compute.amazonaws.com not verified:certificate:sha1/x+YzLQ11jAtlgEG6qJg8W9cqp/k=
    DN:1.2.840.113549.1.9.1=#161e6c7569732e6a6172616d696c6c6f40637265617264697469616c2e636f6d,CN=54.187.245.213,OU=IT,O=Crear Digital,L=Cali,ST=Valle del Cauca,C=co
    subjectAltNames: []
    javax.net.ssl.SSLPeerUnverifiedException: Hostname ec2-54-187-245-213.us-west-2.compute.amazonaws.com not verified:
    certificate: sha1/x+YzLQ11jAtlgEG6qJg8W9cqp/k=
    DN:1.2.840.113549.1.9.1=#161e6c7569732e6a6172616d696c6c6f40637265617264697469616c2e636f6d,CN=54.187.245.213,OU=IT,O=Crear Digital,L=Cali,ST=Valle del Cauca,C=co subjectAltNames: []
    at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:197)
    at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:145)
    at okhttp3.internal.io.RealConnection.connect(RealConnection.java:108)
    at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:188)
    at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:127)
    at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
    at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:289)
    at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:241)
    at okhttp3.RealCall.getResponse(RealCall.java:240)
    at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:198)
    at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:160)
    at okhttp3.RealCall.access$100(RealCall.java:30)
    at okhttp3.RealCall$AsyncCall.execute(RealCall.java:127)
    at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:33)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
    at java.lang.Thread.run(Thread.java:818)

如果有人能帮助我,我感激不尽。

1 个答案:

答案 0 :(得分:0)

您可以关注Android documentation。查看标题为" Unknown certificate authority"的部分。和" Self-signed server certificate"。

您将要做的是将自签名证书存储在应用程序的捆绑包中,然后使用Android来信任新的自签名证书。以下是其文档中提到的步骤。

  1. 从InputStream加载CA
  2. 创建包含受信任CA的KeyStore
  3. 创建一个信任我们的KeyStore中的CA的TrustManager
  4. 创建使用我们的TrustManager的SSLContext
  5. 告诉URLConnection使用SSLContext中的SocketFactory
  6. 您可以找到代码here