
ssl3 alert certificate unknown on Android studio to mosquitto broker

First of all, sorry, my English is not good, and this is my first question.

I'm trying to connect Android and a Mosquitto broker on Windows with a self-signed certificate. I succeeded in connecting the Mosquitto broker and mosquitto_pub with my self-signed certificate (ca.crt, server.key, server.crt, client.key, client.crt).

broker config file :

port 8883
cafile ~~~/ca.crt.pem
keyfile ~~~/server.key.pem
certfile ~~~/server.crt.pem
tls_version tlsv1.2
require_certificate true

publish command :

mosquitto_pub -h ~~ -p ~~ -t ~~ -m ~~ --cafile ~~/ca.crt.pem --key ~~/client.key.pem --cert ~~/client.crt.pem

--> It works well.

mosquitto_pub -h ~~ -p ~~ -t ~~ -m ~~ --cafile ~~/ca.crt.pem

--> It does not work. I don't know why it doesn't work.

But the important thing is that I can't connect from Android.

I've searched, and Android uses a .bks file for TLS/SSL, so I tried to make a .bks file from my files above.

The order in which I created the files is .p12 -> .jks -> .bks

and these are the commands:

.p12 : > openssl pkcs12 -export -in client.crt.pem -inkey client.key.pem -out client.p12 -certfile ca.crt.pem
.jks : > keytool -importkeystore -srckeystore client.p12 -srcstoretype pkcs12 -srcstorepass 123123 -destkeystore client.jks -deststoretype jks -deststorepass 123123 
.bks : > keytool -importkeystore -srckeystore client.jks -srcstoretype JKS -srcstorepass 123123 -destkeystore client.bks -deststoretype BKS-v1 -deststorepass 123123 -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-162.jar 

My Android code is:

....
mqttAndroidClient = new MqttAndroidClient(this, "ssl://" + ipAdd.getText().toString() + ":" + port.getText().toString(), ClientID);
try {
    /**/
    MqttConnectOptions options = new MqttConnectOptions();
    InputStream input = this.getApplication().getAssets().open("server.bks");
    options.setSocketFactory(new TLSSocketFactory(input, "123123"));

    IMqttToken token = mqttAndroidClient.connect(options);
    token.setActionCallback(new IMqttActionListener() {
        @Override
        public void onSuccess(IMqttToken asyncActionToken) {
....
public class TLSSocketFactory extends SSLSocketFactory {

    private SSLSocketFactory internalSSLSocketFactory;

    public TLSSocketFactory(InputStream keyStore, String password) throws KeyManagementException, NoSuchAlgorithmException, IOException, CertificateException, KeyStoreException {
        KeyStore ts;
        ts = KeyStore.getInstance("BKS");
        ts.load(keyStore, password.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(ts);
        TrustManager[] tm = tmf.getTrustManagers();

        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(null, tm, null);
        internalSSLSocketFactory = context.getSocketFactory();
    }
....

The message that occurred on the broker is:

1564452813: OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

I don't know what it means.

Please help me, masters.

I found it!

The cause was not the code or the keys.

In my bundle dependencies part:

implementation 'org.eclipse.paho:org.eclipse.paho.client.mqttv3:1.2.1'

was the cause.

The error does not occur below version mqttv3:1.2.1.

I don't know the difference between the two versions.
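An added example, not part of the original post and not Paho's or the poster's code: the broker config above sets `require_certificate true`, so a client has to present its own certificate as well as trust the CA, which is what `--key`/`--cert` do for `mosquitto_pub`. The sketch below builds a socket factory with both a key manager and a trust manager. The class name `MutualTlsFactory` and a second keystore holding only the CA certificate are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper (name is an assumption, not from the post). */
public final class MutualTlsFactory {
    private MutualTlsFactory() {}

    /**
     * @param clientStore BKS stream with the client private key and certificate (e.g. client.bks)
     * @param clientPass  password of clientStore, also used as the key password
     * @param caStore     BKS stream with only the CA certificate (assumed separate file)
     * @param caPass      password of caStore
     */
    public static SSLSocketFactory create(InputStream clientStore, char[] clientPass,
                                          InputStream caStore, char[] caPass)
            throws GeneralSecurityException, IOException {
        // Key material: what the client presents when the broker requests a certificate.
        KeyStore ks = KeyStore.getInstance("BKS");
        ks.load(clientStore, clientPass);
        if (!hasPrivateKey(ks)) {
            throw new KeyStoreException("client keystore contains no private key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, clientPass);

        // Trust anchors: the CA that signed the broker's server certificate.
        KeyStore ts = KeyStore.getInstance("BKS");
        ts.load(caStore, caPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // A null first argument here would mean no client certificate is ever sent.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Returns true if at least one alias in the store is a private key entry. */
    static boolean hasPrivateKey(KeyStore ks) throws KeyStoreException {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }
}
```

The returned factory is passed to `options.setSocketFactory(...)` in place of the single-keystore factory shown in the question.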
