I've made an Android application that uses a X509 certificate (that is in the folder res/raw/mykeystore.bks) to sign to remote server that respond on the 9006 port.

the server ask me for a login (username, password).

when i make an HTTPGet i've the following exeption: org.apache.http.client.ClientProtocolException

Here is my implementation:

The main Activity:

public void onCreate(Bundle savedInstanceState) {
    Button b= (Button) findViewById(R.id.button1);
    b.setOnClickListener(new OnClickListener() {

        public void onClick(View v) {               
             CredentialsProvider credProvider = new BasicCredentialsProvider();
                credProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
                    new UsernamePasswordCredentials("rat#1", "rat"));
            HttpClient client = new MyHttpClient(getApplicationContext());
               ((AbstractHttpClient) client).setCredentialsProvider(credProvider);

               //final String url = "";
               final String url = "";
               HttpGet httpGet = new HttpGet(url);

               try {
                HttpResponse response = client.execute(httpGet);
            } catch (ClientProtocolException e) {
                // TODO Auto-generated catch block
            } catch (IOException e) {
                // TODO Auto-generated catch block


Custom Client Class:

public class MyHttpClient extends DefaultHttpClient {

final Context context;

public MyHttpClient(Context context) {
    this.context = context;

protected ClientConnectionManager createClientConnectionManager() {

        KeyStore trustStore = null;
            trustStore = KeyStore.getInstance("BKS");

        InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
        try {
            // Initialize the keystore with the provided trusted certificates
            // Also provide the password of the keystore
            trustStore.load(in, "root01".toCharArray());
        } finally {



        SSLSocketFactory sf=null;

            sf = new MySSLSocketFactory(trustStore);


        HttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        registry.register(new Scheme("https", sf, 9006));
    return new SingleClientConnManager(params, registry);

My Customc SSLSoketFactory class:

public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");

public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {

    TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

        public X509Certificate[] getAcceptedIssuers() {
            return null;

    sslContext.init(null, new TrustManager[] { tm }, null);

public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);

public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();

what's wrong in my application? What causes that Exception?

Thank you all!


I was looking better the exception:

cause= org.apache.http.auth.MalformedChallengeException: Authentication challenge is empty.


I've tryed to use this implementation with no difference, I've the same exception!

EDIT 3: I've replaced

 CredentialsProvider credProvider = new BasicCredentialsProvider();
                credProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
                    new UsernamePasswordCredentials("rat#1", "rat"));


with the base httpclient autentication, adding the header Authorization to the httpGet:

  httpGet.addHeader("Authorization", "Basic "+Base64.encodeToString("rat#1:rat".getBytes(),Base64.DEFAULT));

now the server send me this message:

HTTP/1.1 400 Bad Request 

the problem was the Authorization header.

We have to use:

httpGet.addHeader("Authorization", "Basic "+Base64.encodeToString("rat#1:rat".getBytes(),Base64.NO_WRAP));

Instead of:

httpGet.addHeader("Authorization", "Basic "+Base64.encodeToString("rat#1:rat".getBytes(),Base64.DEFAULT));

because the DEFAULT parameter add "CR" line terminator at the end of string and it's uncorrect if you'll use it that header.

