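I recently started a new project and had been using an internal-network HTTP IP address all along. Today the backend team gave me an external HTTPS IP address; after swapping it in and running the app on a phone, it could not fetch any data:
【Error message】
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
【Cause】
The project's https.bks certificate was not issued by a recognized CA but by a second-tier reseller or similar, so certificate validation fails.
【Solution】
Option 1 (the most fundamental fix):
step1: Obtain a legitimate, properly issued HTTPS certificate.
step2: Have the backend upload it, or store it in assets, so the app can validate against it.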
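One way to implement step2 of Option 1, shown as an added example rather than code from the original post: build an SSLSocketFactory whose only trust anchor is the certificate shipped in assets. The class name `PinnedCaSocketFactory`, the alias `backend-ca` and the asset name `backend_ca.crt` are assumptions chosen for illustration.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trusts only the CA certificate bundled with the app. */
public final class PinnedCaSocketFactory {

    private PinnedCaSocketFactory() { }

    /**
     * @param caInput stream of an X.509 certificate (PEM or DER), e.g. on Android
     *                context.getAssets().open("backend_ca.crt") (assumed asset name)
     */
    public static SSLSocketFactory fromCaCertificate(InputStream caInput) throws Exception {
        // Parse the certificate that will act as the trust anchor.
        Certificate ca;
        try (InputStream in = caInput) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Empty in-memory keystore containing only that certificate.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("backend-ca", ca);

        // Standard path validation, but anchored on our keystore instead of the system store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }
}

// Usage on a single connection (the default hostname verification stays in place):
//   HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
//   conn.setSSLSocketFactory(
//           PinnedCaSocketFactory.fromCaCertificate(getAssets().open("backend_ca.crt")));
```

Because the factory is set per connection, certificate checks for other hosts the app talks to are unaffected.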
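Option 2:
step1: When obtaining sslParams, replace the TrustManager with a custom trustAllCerts implementation, as shown below. This turns off certificate-chain and hostname validation for every HttpsURLConnection in the process, so the app will accept any certificate a server presents.
```java
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Wrapper class added so the method compiles; the class name is illustrative.
public class SSLUtil {

    /**
     * Handles the SSL handshake (trusts all certificates).
     */
    public static void handleSSLHandshake() {
        try {
            TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Empty on purpose: no client certificate is ever rejected.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Empty on purpose: no server certificate is ever rejected.
                }
            }};

            SSLContext sc = SSLContext.getInstance("TLS");
            // Trust all certificates
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Accept any hostname, whatever the certificate says.
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
step2: In the onCreate() method of your Application subclass, call the following method to ignore HTTPS certificate validation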