How to trust self signed certificate on Android?(如何信任 Android 上的自签名证书?)
问题描述
我已经为我的服务器生成了自签名证书.然后通过设置 -> 安全 -> 安装将其添加到 Android.
I have generated self signed certificate for my server. Then added it to Android with Settings -> Security -> Install.
当我尝试从应用程序连接到我的服务器时出现错误:
When I'm trying to connect to my server from the application I'm getting error:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
据我了解,在将证书添加到受信任的列表后,它应该可以正常工作.我错过了什么吗?思路是通过Android系统添加证书,无需修改应用代码.
As I understand after I've added certificate to list of trusted ones it should work fine. Am I missing something? The idea is to add certificate through Android system without modifying application code.
顺便说一句,我正在使用 OkHttpClient 进行网络连接.也许我应该为 https 连接启用一些东西?
Btw I'm using OkHttpClient for network connection. Maybe I should enable something for https connection?
推荐答案
对 Android 来说重要的是,当您生成自签名证书时,将其标记为证书颁发机构,以便授权它对证书进行认证——即使只为自己签名并证明它就是它自己.
It is important to Android that when you generate your self-signed certificate, you mark it as a Certificate Authority in order to empower it to certify certificates — even if only to sign itself and so certify that it is itself.
这是在 basicConstraints 扩展中完成的,声明 CA:TRUE 而不是默认的 CA:FALSE.当您导入如此标记的证书时,Android 会将其视为用户安装的根证书,您应该能够在 Credential storage → Trusted credentials → 用户.
This is done in the basicConstraints extension, declaring CA:TRUE instead of the default CA:FALSE. When you import a certificate so marked, Android will consider it a user-installed root certificate, and you should be able to see it under Credential storage → Trusted credentials → USER.
但是,具有此位的证书是一种强大的力量,并且此类证书已被邪恶的工具用来监视过去所谓的加密用户通信.因此,这些天来,当这种 CA 证书生效时,Google Play Protect 将希望与用户交流.
However, a certificate having this bit is a mighty power, and such certificates have been used by nefarious tools to spy on supposedly encrypted user communication in the past. Accordingly, these days, Google Play Protect will want to have a word with the user when this kind of CA certificate is in force.
这篇关于如何信任 Android 上的自签名证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:如何信任 Android 上的自签名证书?
基础教程推荐
- 当从同一个组件调用时,两个 IBAction 触发的顺序是什么? 2022-01-01
- 在 gmail 中为 ios 应用程序检索朋友的朋友 2022-01-01
- Kivy Buildozer 无法构建 apk,命令失败:./distribute.sh -m “kivy"d 2022-01-01
- UIWebView 委托方法 shouldStartLoadWithRequest:在 WKWebView 中等效? 2022-01-01
- 如何在 iPhone 上显示来自 API 的 HTML 文本? 2022-01-01
- 如何让对象对 Cocos2D 中的触摸做出反应? 2022-01-01
- android 应用程序已发布,但在 google play 中找不到 2022-01-01
- 如何在 UIImageView 中异步加载图像? 2022-01-01
- Android:对话框关闭而不调用关闭 2022-01-01
- 如何在没有IB的情况下将2个按钮添加到右侧的UINavigationbar? 2022-01-01
