Android Question [solved] WSS - Trust anchor for certification path not found.

Similar threads

B4A Library WebSocket Client Library
B4A Code Snippet [B4X] MQTT SSL and Self Signed Certificates
B4J Code Snippet [B4X] Trust all SSL Socket
B4A Question WSS SSL Issues
B4A Question SSL Websocket client

LucaMs

Expert
Licensed User
I have a b4j websocket server certainly reachable from outside my network (I mean that I don't have problems with ports, firewalls, ...).

I created the keystore as decribed in this tutorial (more precisely as described in wiki.eclipse... linked in that tutorial) and I get that error message:
Trust anchor for certification path not found.

Searching the forum I found SetCustomSSLTrustManager but I don't know how to use it and why I should use it (I can connect my device-b4a project to: wss://b4x.com:51041/smiley/ws).

The server reads correctly the keystore file and the SSL configuration is correctly set.
' Note that the SslPort is correct, open and reachable.

Private Sub ConfigureSSL (SslPort As Int)
Dim ssl As SslConfiguration
ssl.Initialize
ssl.SetKeyStorePath(File.DirApp, "xxx.keystore")
ssl.KeyStorePassword = "xxx"
ssl.KeyManagerPassword = "xxx"
srvr.SetSslConfiguration(ssl, SslPort)​
End Sub
It is placed in File.DirApp; my app connect to a "sub foder", of course, like: wss://[address]:[port]/xxxxxx, like in the "smiley" example.



Thank you
 
Last edited:

LucaMs

Expert
Licensed User
Searching the forum I found SetCustomSSLTrustManager but I don't know how to use it and why I should use it (I can connect my device-b4a project to: wss://b4x.com:51041/smiley/ws).
upload_2018-6-17_18-50-11.png


I did not find enough documentation to create a TrustManager object, unfortunatey; but I found this question and the answer (but for B4i):

Q) Is there somerhing similar in b4i to skip the certificate verification? I need it for websockets.

A) Now there is one: https://www.b4x.com/android/forum/threads/updates-to-internal-libraries.48179/#post-558802
WebSocket.SkipCertificateValidation property.


SkipCertificateValidation is currently not available for b4a (currently? I hope :))
 

LucaMs

Expert
Licensed User
hm... will have Google something to object if you use SkipCertificateValidation (if it will also be available for B4A) in your apps?
 

Erel

Administrator
Staff member
Licensed User
You can use SetCustomSSLTrustManager with CustomTrustManager from the Net library to skip certificate validation.

will have Google something to object if you use SkipCertificateValidation
Most probably no.
 

LucaMs

Expert
Licensed User
You can use SetCustomSSLTrustManager with CustomTrustManager from the Net library to skip certificate validation.
I understood this but I had seen that initialization required directory and file name (certificate); I saw only at this moment that there is a second type of initialization, InitializeAcceptAll, I thought instead of having to initialize by passing a certificate (that I do not have) and only after set an AcceptAll.


Thank you.
 

LucaMs

Expert
Licensed User
I have to learn to write [solved] in the thread title (especially I have to remember to do it).
 
Top