Re: [android-developers] Server certificate validation - HTTPS

On Thu, Aug 4, 2011 at 1:06 AM, hhenne <hhenne@gmail.com> wrote:
> Hi,
>
> My first post to this list - I think.
>
> When calling a  payment service (HTTPS) from an Android 2.3 (Google
> Nexus S) mobile, I got an exception from validation of the server
> certificate. It is a valid certificate - no problem when calling the
> same service from an IPhone.
>

Valid and trusted are two different things. If the Android trust store
doesn't contain the issuer of the certificate, you will get an error.

> It seems to be a well known problem - googling for it, gives a lot of
> hits and also some suggestions how to solve it. I have tried a couple
> of them without success.

What have you tried? Basically you need to supply your own
trust store containing the issuer of the server certificate (and
any other certificates needed to form a full chain, if any)

> Now I'm asking this forum, and hope somebody
> will direct me to a working solution. It is OK, if it only works on
> 2.3, and I really don't need the validation at all.
>

Are you sure you don't need the validation? Is it OK ,
if the payments go to a third-party server instead of yours/
your partner's?

> W/System.err( 9056): Caused by: java.security.SignatureException:
> Signature was not verified

This actually sounds like a broken certificate, not a trust problem.
Can you post it somewhere?

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en