javax.net.ssl.SSLHandshakeException？

Question

我正在嘗試使用HTTPS連接（UrlHttpsConnection類）連接到WCF服務器，並始​​終收到錯誤“找不到證書路徑的信任錨”。 我在網上找到了數千個有關該問題的示例，但沒有什么對我有真正的幫助。

我的WCF服務使用由內部CA簽名的證書，該證書已添加到我的智能手機上的受信任CA列表中。 如果我在智能手機上從Chrome調用了URL https：// myserver / myservice / test ，則不再發出警告，該證書被視為有效。 從我的應用程序中，我不斷收到錯誤消息。

您知道為什么我的應用程序不認為服務器證書有效，而Chrome瀏覽器卻有效嗎？ 我該如何解決？

出於安全原因，我不想忽略SSL驗證。

預先感謝您的建議。

Answer 1

嘗試這種方式，但我使用了API調用的改造。

  public class ApiClient {
//public final static String BASE_URL = "https://prod.appowiz.com/app/services/";
public final static String BASE_URL_SECURE = "Pass your url";

public static ApiClient apiClient;

private Retrofit retrofit = null;
private static Retrofit storeRetrofit = null;

public Retrofit getClient(Context context) {
    HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
    interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
    OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();

    retrofit = new Retrofit.Builder()
            .baseUrl(BASE_URL_SECURE)
            .addConverterFactory(GsonConverterFactory.create())
            .client(client)
            .build();


    return retrofit;
}
 public static Retrofit getStore() {
    if (storeRetrofit == null) {
        final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {

            }


            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {

            }


            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {

                return new java.security.cert.X509Certificate[0];
            }
        }};

        // Install the all-trusting trust manager
        final SSLContext sslContext;
        HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
        interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
        try {
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            final OkHttpClient okHttpClient = new OkHttpClient.Builder()
                    .addInterceptor(interceptor)
                    .connectTimeout(10, TimeUnit.SECONDS)
                    .writeTimeout(10, TimeUnit.SECONDS)
                    .readTimeout(30, TimeUnit.SECONDS)
                    .sslSocketFactory(sslSocketFactory).hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
                    .build();
            storeRetrofit = new Retrofit.Builder()
                    .baseUrl(BASE_URL_SECURE)
                    .addConverterFactory(GsonConverterFactory.create())
                    .client(okHttpClient)
                    .build();


        } catch (NoSuchAlgorithmException | KeyManagementException e1) {
            CustomLogHandler.printErrorlog(e1);
        }

    }

    return storeRetrofit;
}

用於api調用create接口。

public interface ApiInterface {

@POST("device/add_device_name")
Call<AddDeviceNameVo> addDeviceName(@Body JsonObject body);

 }

像這樣將api稱為活動或片段。

        apiInterface = ApiClient.getStore().create(ApiInterface.class);