Android Question [solved] WSS - Trust anchor for certification path not found.

Discussion in 'Android Questions' started by LucaMs, Jun 16, 2018.

Similar threads

B4A Library WebSocket Client Library
B4A Code Snippet [B4X] MQTT SSL and Self Signed Certificates
B4J Code Snippet [B4X] Trust all SSL Socket
B4A Question WSS SSL Issues
B4A Question SSL Websocket client
  1. LucaMs

    LucaMs Expert Licensed User

    I have a b4j websocket server certainly reachable from outside my network (I mean that I don't have problems with ports, firewalls, ...).

    I created the keystore as decribed in this tutorial (more precisely as described in wiki.eclipse... linked in that tutorial) and I get that error message:
    Trust anchor for certification path not found.

    Searching the forum I found SetCustomSSLTrustManager but I don't know how to use it and why I should use it (I can connect my device-b4a project to: wss://b4x.com:51041/smiley/ws).

    The server reads correctly the keystore file and the SSL configuration is correctly set.
    ' Note that the SslPort is correct, open and reachable.

    Private Sub ConfigureSSL (SslPort As Int)
    Dim ssl As SslConfiguration
    ssl.Initialize
    ssl.SetKeyStorePath(File.DirApp, "xxx.keystore")
    ssl.KeyStorePassword = "xxx"
    ssl.KeyManagerPassword = "xxx"
    srvr.SetSslConfiguration(ssl, SslPort)​
    End Sub
    It is placed in File.DirApp; my app connect to a "sub foder", of course, like: wss://[address]:[port]/xxxxxx, like in the "smiley" example.



    Thank you
     
    Last edited: Jun 16, 2018
  2. LucaMs

    LucaMs Expert Licensed User

    upload_2018-6-17_18-50-11.png

    I did not find enough documentation to create a TrustManager object, unfortunatey; but I found this question and the answer (but for B4i):

    Q) Is there somerhing similar in b4i to skip the certificate verification? I need it for websockets.

    A) Now there is one: https://www.b4x.com/android/forum/threads/updates-to-internal-libraries.48179/#post-558802
    WebSocket.SkipCertificateValidation property.


    SkipCertificateValidation is currently not available for b4a (currently? I hope :))
     
  3. LucaMs

    LucaMs Expert Licensed User

    hm... will have Google something to object if you use SkipCertificateValidation (if it will also be available for B4A) in your apps?
     
  4. Erel

    Erel Administrator Staff Member Licensed User

    You can use SetCustomSSLTrustManager with CustomTrustManager from the Net library to skip certificate validation.

    Most probably no.
     
    LucaMs likes this.
  5. LucaMs

    LucaMs Expert Licensed User

    I understood this but I had seen that initialization required directory and file name (certificate); I saw only at this moment that there is a second type of initialization, InitializeAcceptAll, I thought instead of having to initialize by passing a certificate (that I do not have) and only after set an AcceptAll.


    Thank you.
     
  6. LucaMs

    LucaMs Expert Licensed User

    I have to learn to write [solved] in the thread title (especially I have to remember to do it).
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice