Android Question [solved] WSS - Trust anchor for certification path not found.

LucaMs

Expert
Licensed User
I have a b4j websocket server certainly reachable from outside my network (I mean that I don't have problems with ports, firewalls, ...).

I created the keystore as described in this tutorial (more precisely as described in wiki.eclipse... linked in that tutorial) and I get that error message:
Trust anchor for certification path not found.

Searching the forum I found SetCustomSSLTrustManager but I don't know how to use it and why I should use it (I can connect my device-b4a project to: wss://b4x.com:51041/smiley/ws).

The server reads correctly the keystore file and the SSL configuration is correctly set.
    ' Note that the SslPort is correct, open and reachable.

    Private Sub ConfigureSSL (SslPort As Int)
        Dim ssl As SslConfiguration
        ssl.Initialize
        ssl.SetKeyStorePath(File.DirApp, "xxx.keystore")
        ssl.KeyStorePassword = "xxx"
        ssl.KeyManagerPassword = "xxx"
        srvr.SetSslConfiguration(ssl, SslPort)
    End Sub
It is placed in File.DirApp; my app connects to a "sub folder", of course, like: wss://[address]:[port]/xxxxxx, like in the "smiley" example.



Thank you

LucaMs

Expert
Licensed User
Searching the forum I found SetCustomSSLTrustManager but I don't know how to use it and why I should use it (I can connect my device-b4a project to: wss://b4x.com:51041/smiley/ws).



I did not find enough documentation to create a TrustManager object, unfortunately; but I found this question and the answer (but for B4i):

Q) Is there something similar in b4i to skip the certificate verification? I need it for websockets.

A) Now there is one: https://www.b4x.com/android/forum/threads/updates-to-internal-libraries.48179/#post-558802
WebSocket.SkipCertificateValidation property.


SkipCertificateValidation is currently not available for b4a (currently? I hope :))

LucaMs

Expert
Licensed User
You can use SetCustomSSLTrustManager with CustomTrustManager from the Net library to skip certificate validation.
I understood this, but I had seen that initialization required a directory and file name (certificate); I only saw just now that there is a second type of initialization, InitializeAcceptAll. I thought instead that I had to initialize by passing a certificate (that I do not have) and only afterwards set an AcceptAll.


Thank you.
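Added example, not part of the thread and not B4X library code: the certificate-based alternative to accept-all, written against the standard Java/Android TLS APIs, which builds a trust store whose only anchor is the server's own certificate. It assumes the server keystore holds a self-signed certificate that has been exported to a file (for example with keytool -exportcert); the class name, method name and command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustExample {

    // Build an SSLContext whose only trust anchor is the given certificate.
    // A server presenting any other certificate fails the handshake, which is
    // the property an accept-all trust manager gives up.
    static SSLContext contextTrustingOnly(InputStream certStream) throws Exception {
        // Accepts DER or PEM ("-----BEGIN CERTIFICATE-----") input.
        Certificate serverCert =
                CertificateFactory.getInstance("X.509").generateCertificate(certStream);

        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null);                 // empty store, no system CAs
        anchors.setCertificateEntry("server", serverCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Hypothetical usage: java PinnedTrustExample <exported-cert-file> <host> <port>
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            SSLContext ctx = contextTrustingOnly(in);
            // Raw socket: chain validation only, no hostname check is configured here.
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                    .createSocket(args[1], Integer.parseInt(args[2]))) {
                s.startHandshake();               // throws if the chain does not end at the anchor
                System.out.println("Handshake OK: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```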