-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found #32
Comments
Hi @TommyJ1994, I have the same problem, any news? |
@Giovanni-94 @Allan-Nava Looking 👀 |
Is your Keycloak server running locally/over HTTP? I think this might cause issues as we require HTTPS for performing the authentication (namely for the token exchange). @Giovanni-94 does this happen on app start, any other errors/stack traces? |
Actually, I think I know what the issue is. We are performing certificate pinning in our app. You might want to update the URL/pins defined in this file: https://github.com/feedhenry/mobile-security-android-template/blob/master/app/src/main/res/xml/network_security_config.xml
|
Hi @TommyJ1994 , This is the hostname? |
@Giovanni-94 Yes, that's the one. |
Thanks @TommyJ1994, the logcat give me this errors:
|
@Giovanni-94 Ok so this the certificate pinning is failing. It means that the cert info on the client, doesn't match the one presented by the server. For your primary pin (https://github.com/feedhenry/mobile-security-android-template/blob/master/app/src/main/res/xml/network_security_config.xml#L7) have you set this value? |
Yes @TommyJ1994. Below you find the screenshot: |
@Giovanni-94 Can you double check that the hostname you are getting the pin is actually for the Keycloak server? You can use https://www.ssllabs.com/ssltest/index.html to easily get the pin. Just enter in the hostname, after a few seconds click the first link to your server, and at the top of the page there will be a PIN-SHA256 specified. |
Thanks a lot @TommyJ1994, I solved my problem |
Great News @Giovanni-94, I will close this issue now. 🎉 |
how? |
how ??? |
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. |
Hmmm. Certificates for server checked and correct. tested on hardware android ... How can we solve it ? |
Hi @TommyJ1994,
thanks for this template. I changed the file json for my configuration, and I set the Valid Redirect URIs in my keycloak with:
com.feedhenry.securenativeandroidtemplate:/callback
.When I run the template, Android Studio give me this exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Can you tell me something?
Thanks in advance
The text was updated successfully, but these errors were encountered: