java android security ssl symantec

Symantec Certificate not found on Android


I've got an Android app trying to send HTTPS requests to a server having a Symantec Class 3 Secure Server CA - G4 signed certificate. When trying to send a request via the Apache HTTP library (I guess this is also true for other HTTP clients), an exception stating "No peer certificate" is thrown. The same requests to the same servers on iOS work fine, and even if I connect to the server in Chrome, running on the same Android device I'm testing on, it says the certificate is perfectly fine.

Now I heard that Google dropped trust for some Symantec certificates, but as far as I know only the ones with a 1024 bit key. The one in question is signed with a 2048 bit key. And Chrome also accepts it!

I also found this article [1] saying that I need to import the complete keychain as a BouncyCastle keystore. The problem here is that every user specifies the URL to their own server, managing their own certificates.

So my question is: Is anybody familiar with this problem and knows a workaround? I found endless guides showing me how to turn off certificate validation for a request ... but that won't be a solution working for me.

[1] http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/


Solution

  • The problem I actually had was that the server required SNI (Server Name Indication) support on the HTTP client. Android's version of the Apache HTTP library does not support SNI. So I had to write my own SSLSocketFactory supporting it.
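
One way such a factory can look, as an added example (not the poster's code). It assumes API level 17+ (for `SSLCertificateSocketFactory.setHostname`) and the legacy `org.apache.http` client, covers direct connections only (no proxy tunnelling), and the class name `SniSocketFactory` is hypothetical. Certificate chain validation stays on; the hostname check is done explicitly because sockets from the no-argument `createSocket()` are not hostname-verified by the platform.

```java
import android.net.SSLCertificateSocketFactory;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.scheme.SocketFactory;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

// Hypothetical class: TLS socket factory for the legacy Apache client that sends SNI.
public class SniSocketFactory implements SocketFactory {
    // getDefault(0) keeps the platform trust store, so chain validation stays enabled.
    private final SSLCertificateSocketFactory factory =
            (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
    private final HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();

    @Override
    public Socket createSocket() throws IOException {
        return factory.createSocket(); // unconnected TLS socket, no handshake yet
    }

    @Override
    public Socket connectSocket(Socket sock, String host, int port, InetAddress localAddress,
                                int localPort, HttpParams params) throws IOException {
        SSLSocket ssl = (SSLSocket) (sock != null ? sock : createSocket());
        factory.setHostname(ssl, host); // must precede the handshake: this is the SNI value
        if (localAddress != null) {
            ssl.bind(new InetSocketAddress(localAddress, Math.max(localPort, 0)));
        }
        ssl.connect(new InetSocketAddress(host, port),
                HttpConnectionParams.getConnectionTimeout(params));
        ssl.setSoTimeout(HttpConnectionParams.getSoTimeout(params));
        ssl.startHandshake();
        // The server now presents the certificate for the requested name; check it matches.
        if (!verifier.verify(host, ssl.getSession())) {
            ssl.close();
            throw new SSLPeerUnverifiedException("Certificate does not match host " + host);
        }
        return ssl;
    }

    @Override
    public boolean isSecure(Socket sock) {
        return sock instanceof SSLSocket;
    }
}
```

Register it for HTTPS in the client's `SchemeRegistry` with `new Scheme("https", new SniSocketFactory(), 443)`.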