IanWambai/Chowder

javax.net.ssl.SSLPeerUnverifiedException

IanWambai opened this issue · 4 comments

Chowder, cause I was dumb, contains a piece of code that effectively removes the protection of HTTPS from your connections. Fixing this and updating the dependency on Bintray asap.

Removing the trustEveryone() method leads to this: com.alexgilleran.icesoap.exception.SOAPException: javax.net.ssl.SSLPeerUnverifiedException: Hostname safaricom.co.ke not verified. So I need to find a way around this.

To solve this issue I had to manually verify Safaricom SSL certificates, which is exactly as painful as it sounds. Here are the steps I took:

  1. Download the entire SSL chain from safaricom.co.ke.
  2. Use KeystoreExplorer to convert the certificates into a Bouncy Castle KeyStore format, BKS, and add the keystore into the project.
  3. Get the raw resource, which contains the keystore with all the trusted certificates (root and any intermediate certs), then use Apache HttpComponents to create an SSLSocketFactory that verifies the server certificate with STRICT_HOSTNAME_VERIFIER.
  4. Get an error I couldn't figure out for a few hours that was because the end-point I was using didn't have www.

Publishing to the PlayStore will hopefully work now. Updating the version on Bintray.
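
Steps 2 to 4 above as an added Java example (not Chowder's own code), using the legacy `org.apache.http` classes that ship with Android. The class name `BksTrustClient`, the keystore resource id and the keystore password are assumptions supplied by the caller.

```java
import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;

/** Hypothetical helper; the name is an assumption and not part of Chowder. */
public final class BksTrustClient {
    private BksTrustClient() {}

    /** Builds a client that trusts only the certificates in the bundled BKS keystore. */
    public static DefaultHttpClient create(Context context, int keystoreResId, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream in = context.getResources().openRawResource(keystoreResId);
        try {
            trusted.load(in, password); // root and intermediate certs from step 2
        } finally {
            in.close();
        }
        // The chain must end in the keystore AND the host name must match the certificate.
        SSLSocketFactory socketFactory = new SSLSocketFactory(trusted);
        socketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", socketFactory, 443)); // no plain-HTTP scheme
        HttpParams params = new BasicHttpParams();
        return new DefaultHttpClient(new SingleClientConnManager(params, registry), params);
    }

    /** Step 4 check: does the endpoint host match a name in the server certificate? */
    public static boolean hostMatches(String endpointHost, X509Certificate serverCert) {
        try {
            SSLSocketFactory.STRICT_HOSTNAME_VERIFIER.verify(endpointHost, serverCert);
            return true;
        } catch (SSLException mismatch) {
            return false; // e.g. an endpoint without "www." against a cert issued for the www name
        }
    }
}
```

On API 23 and later the legacy Apache classes are only available with `useLibrary 'org.apache.http.legacy'` in the Gradle `android` block.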

Trust anchor for certification path not found
And did you use pure Android?

Trust anchor for certification .... Error