java Android + SSL:错误不受信任的服务器证书
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12253372/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Android + SSL: Error Not Trusted Server Certificate
提问by e-info128
I have visited many places in order to solve this problem but not to do.
为了解决这个问题,我去过很多地方,但没有去做。
Android returns error when attempting an SSL connection "Not Trusted Server Certificate". https://google.cl/work, but https://autoservicio.movistar.cl/dont work :-/ My project:
尝试 SSL 连接“不受信任的服务器证书”时,Android 返回错误。 https://google.cl/工作,但https://autoservicio.movistar.cl/不工作:-/ 我的项目:
package com.drawcoders.saldomovistarchile;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;
public class SaldoMovistarChileActivity extends Activity {
TextView statusText;
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
statusText = (TextView) findViewById(R.id.statusText);
login();
}
void login(){
try {
HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
DefaultHttpClient client = new DefaultHttpClient();
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier)hostnameVerifier);
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", socketFactory, 443));
SingleClientConnManager mngr = new SingleClientConnManager(client.getParams(), registry);
DefaultHttpClient httpClient = new DefaultHttpClient(mngr, client.getParams());
HttpPost post = new HttpPost("https://autoservicio.movistar.cl/login/loginTop");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4);
nameValuePairs.add(new BasicNameValuePair("rut", "1000000"));
nameValuePairs.add(new BasicNameValuePair("dv", "0"));
nameValuePairs.add(new BasicNameValuePair("idRut", "10000000-0"));
nameValuePairs.add(new BasicNameValuePair("clave", "00000000"));
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = httpClient.execute(post);
// HttpResponse response = client.execute(post);
HttpEntity entity = response.getEntity();
String responseText = EntityUtils.toString(entity);
statusText.setText("Finalizado!");
} catch (UnsupportedEncodingException e) {
statusText.setText("Error: " + e.getMessage().toString());
} catch (ClientProtocolException e) {
statusText.setText("Error: " + e.getMessage().toString());
} catch (IOException e) {
statusText.setText("Error: " + e.getMessage().toString());
}
}
}
Thanks :)
谢谢 :)
采纳答案by Martin Gallagher
It appears (judging off my Android device: Galaxy Nexus, Android 4.1.1) that the CA root certificate(s) used for the domain autoservicio.movistar.clare not provided on this version of Android and probably versions prior to 4.1.1.
看来(根据我的 Android 设备:Galaxy Nexus,Android 4.1.1)此版本的 Android 上不提供用于域autoservicio.movistar.cl的 CA 根证书,并且可能是 4.1.1 之前的版本.
For sites you trust try the solutions provided here: Trusting all certificates using HttpClient over HTTPS
对于您信任的站点,请尝试此处提供的解决方案:通过 HTTPS 使用 HttpClient 信任所有证书
回答by PhilR
The website, https://autoservicio.movistar.cldoes not return an intermediate certificate so the client can not build a chain to a trusted root. Firefox gives an error also.
网站https://autoservicio.movistar.cl不返回中间证书,因此客户端无法构建到受信任根的链。Firefox 也会报错。
This SSL checker shows that only the server certificate is returned:
此 SSL 检查器显示仅返回服务器证书:
http://certlogik.com/ssl-checker/autoservicio.movistar.cl
http://certlogik.com/ssl-checker/autoservicio.movistar.cl
The missing intermediate certificate is this one:
缺少的中间证书是这个:
CN = VeriSign Class 3 International Server CA - G3,OU = Terms of use at https://www.verisign.com/rpa(c)10,OU = VeriSign Trust Network,O = "VeriSign, Inc.",C = US
CN = VeriSign Class 3 International Server CA - G3,OU = https://www.verisign.com/rpa(c)10,OU = VeriSign Trust Network,O = "VeriSign, Inc.",C = 使用条款我们
-----BEGIN CERTIFICATE----- MIIGKTCCBRGgAwIBAgIQZBvoIM4CCBPzLU0tldZ+ZzANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBvDEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMtVmVy aVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdacYvAV9IGaQQhZjxOdF8mfUdza sVLv/+NB3eDfxCjG4615HycQmLi7IJfBKERBD+qpqFLPTU4bi7u1xHbZzFYG7rNV ICreFY1xy1TIbxfNiQDk3P/hwB9ocenHKS5+vDv85burJlSLZpDN9pK5MSSAvJ5s 1fx+0uFLjNxC+kRLX/gYtS4w9D0SmNNiBXNUppyiHb5SgzoHRsQ7AlYhv/JRT9Cm mTnprqU/iZucff5NYAclIPe712mDK4KTQzfZg0EbawurSmaET0qO3n40mY5o1so5 BptMs5pITRNGtFghBMT7oE2sLktiEuP7TfbJUQABH/weaoEqOOC5T9YtRQIDAQAB o4ICFTCCAhEwEgYDVR0TAQH/BAgwBgEB/wIBADBwBgNVHSAEaTBnMGUGC2CGSAGG +EUBBxcDMFYwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9j cHMwKgYIKwYBBQUHAgIwHhocaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAO BgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDov L2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYDVR0lBC0wKwYIKwYBBQUH AwEGCCsGAQUFBwMCBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wNAYDVR0f BC0wKzApoCegJYYjaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy1nNS5jcmww KAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEFZlcmlTaWduTVBLSS0yLTcwHQYDVR0O BBYEFNebfNgioBX33a1fzimbWMO8RgC1MB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ 80M5+gKvMzEzMA0GCSqGSIb3DQEBBQUAA4IBAQBxtX1zUkrd1000Ky6vlEalSVAC T/gvF3DyE9wfIYaqwk98NzzURniuXXhv0bpavBCrWDbFjGIVRWAXIeLVQqh3oVXY QwRR9m66SOZdTLdE0z6k1dYzmp8N5tdOlkSVWmzWoxZTDphDzqS4w2Z6BVxiEOgb Ett9LnZQ/9/XaxvMisxx+rNAVnwzeneUW/ULU/sOX7xo+68q7jA3eRaTJX9NEP9X +79uOzMh3nnchhdZLUNkt6Zmh+q8lkYZGoaLb9e3SQBb26O/KZru99MzrqP0nkzK XmnUG623kHdq2FlveasB+lXwiiFm5WVu/XzT3x7rfj8GkPsZC9MGAht4Q5mo -----END CERTIFICATE-----
----- BEGIN CERTIFICATE ----- MIIGKTCCBRGgAwIBAgIQZBvoIM4CCBPzLU0tldZ + ZzANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBvDEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMtVmVy aVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdacYvAV9IGaQQhZjxOdF8mfUdza sVLv / + + NB3eDfxCjG4615HycQmLi7IJfBKERBD qpqFLPTU4bi7u1xHbZzFYG7rNVICreFY1xy1TIbxfNiQDk3P / hwB9ocenHKS5 + vDv85burJlSLZpDN9pK5MSSAvJ5s 1fx + 0uFLjNxC + kRLX / gYtS4w9D0SmNNiBXNUppyiHb5SgzoHRsQ7AlYhv / JRT9Cm mTnprqU / iZucff5NYAclIPe712mDK4KTQzfZg0EbawurSmaET0qO3n40mY5o1so5 BptMs5pITRNGtFghBMT7oE2sLktiEuP7TfbJUQABH / weaoEqOOC5T9YtRQIDAQAB o4ICFTCCAhEwEgYDVR0TAQH / BAgwBgEB / wIBADBwBgNVHSAEaTBnMGUGC2CGSAGG + EUBBxcDMFYwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9j cHMwKgYIKwYBBQUHAgIwHhocaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAO BgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv Z2lmMCEwHzAHBgUrDgMCGgQUj + XTGoasjY5rw8 + AatRIGCx7GS4wJRYjaHR0cDov L2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYDVR0lBC0wKwYIKwYBBQUH AwEGCCsGAQUFBwMCBglghkgBhvhCBAEGCmCGSAGG + EUBCAEwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy1nNS5jcmww KAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEFZlcmlTaWduTVBLSS0yLTcwHQYDVR0O BBYEFNebfNgioBX33a1fzimbWMO8RgC1MB8GA1UdIwQYMBaAFH / TZafC3ey78DAJ 80M5 + gKvMzEzMA0GCSqGSIb3DQEBBQUAA4IBAQBxtX1zUkrd1000Ky6vlEalSVAC T / gvF3DyE9wfIYaqwk98NzzURniuXXhv0bpavBCrWDbFjGIVRWAXIeLVQqh3oVXY QwRR9m66SOZdTLdE0z6k1dYzmp8N5tdOlkSVWmzWoxZTDphDzqS4w2Z6BVxiEOgb Ett9LnZQ / 9 / XaxvMisxx + rNAVnwzeneUW / ULU / sOX7xo + 68q7jA3eRaTJX9NEP9X + 79uOzMh3nnchhdZLUNkt6Zmh + q8lkYZGoaLb9e3SQBb26O / KZru99MzrqP0nkzK XmnUG623kHdq2FlveasB + lXwiiFm5WVu / XzT3x7rfj8GkPsZC9MGAht4Q5mo ----- END CERTIFICATE -----T / gvF3DyE9wfIYaqwk98NzzURniuXXhv0bpavBCrWDbFjGIVRWAXIeLVQqh3oVXY QwRR9m66SOZdTLdE0z6k1dYzmp8N5tdOlkSVWmzWoxZTDphDzqS4w2Z6BVxiEOgb Ett9LnZQ / 9 / XaxvMisxx + rNAVnwzeneUW / ULU / sOX7xo + 68q7jA3eRaTJX9NEP9X + 79uOzMh3nnchhdZLUNkt6Zmh + q8lkYZGoaLb9e3SQBb26O / KZru99MzrqP0nkzK XmnUG623kHdq2FlveasB + lXwiiFm5WVu / XzT3x7rfj8GkPsZC9MGAht4Q5mo ----- END CERTIFICATE -----T / gvF3DyE9wfIYaqwk98NzzURniuXXhv0bpavBCrWDbFjGIVRWAXIeLVQqh3oVXY QwRR9m66SOZdTLdE0z6k1dYzmp8N5tdOlkSVWmzWoxZTDphDzqS4w2Z6BVxiEOgb Ett9LnZQ / 9 / XaxvMisxx + rNAVnwzeneUW / ULU / sOX7xo + 68q7jA3eRaTJX9NEP9X + 79uOzMh3nnchhdZLUNkt6Zmh + q8lkYZGoaLb9e3SQBb26O / KZru99MzrqP0nkzK XmnUG623kHdq2FlveasB + lXwiiFm5WVu / XzT3x7rfj8GkPsZC9MGAht4Q5mo ----- END CERTIFICATE -----
