Skip to content

Instantly share code, notes, and snippets.

@nowke
Last active May 21, 2024 03:49
Show Gist options
  • Select an option

  • Save nowke/75037c42171d9ea5ce87a49a982c4c39 to your computer and use it in GitHub Desktop.

Select an option

Save nowke/75037c42171d9ea5ce87a49a982c4c39 to your computer and use it in GitHub Desktop.
Retrofit - OkHTTP Connect to Self signed SSL Enabled Server: (Fix for CertPathValidatorException: Trust Anchor for certificate path not found) - Self Signing Client Bulider for Retrofit OkHTTP
public class MainActivity extends AppCompatActivity {
Retrofit retrofit;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
/*
Rest
*/
initNetwork();
}
private void initNetwork() {
retrofit = new Retrofit.Builder()
.baseUrl(Constants.API_BASE_URL)
.addConverterFactory(GsonConverterFactory.create())
.client(SelfSigningClientBuilder.createClient(this))
.build();
/*
*Do the rest of Retrofit work
*/
}
}
import android.annotation.SuppressLint;
import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
public class SelfSigningClientBuilder {
public static OkHttpClient createClient(Context context) {
OkHttpClient client = null;
CertificateFactory cf = null;
InputStream cert = null;
Certificate ca = null;
SSLContext sslContext = null;
try {
cf = CertificateFactory.getInstance("X.509");
cert = context.getResources().openRawResource(R.raw.my_cert); // Place your 'my_cert.crt' file in `res/raw`
ca = cf.generateCertificate(cert);
cert.close();
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
client = new OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory())
.build();
} catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException | KeyManagementException e) {
e.printStackTrace();
}
return client;
}
}
@uyipeace2014

Copy link
Copy Markdown

it return Null value for client

@Kaz32

Kaz32 commented Oct 24, 2017

Copy link
Copy Markdown

Hi I got file *.crt and *.key , should *.key file also implemented?

@bhargavcode

Copy link
Copy Markdown

Hi,
Developers
where can i get .crt file in my mac?
please give a response.

@keshavgera

Copy link
Copy Markdown

Hi,
Developers
where can i get .crt file in my Windows ?
please give a response.

@VinayakMoger

Copy link
Copy Markdown

Hello,
Please suggest me to get .crt file

@4sskick

4sskick commented May 21, 2024

Copy link
Copy Markdown

@VinayakMoger @keshavgera @bhargavcode the .crt file is from server which is the public certificate containing the key. You could ask your web developer for that one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment