How can I make Android Volley perform HTTPS request, using a certificate self-signed by an Unknown CA?

android https ssl android-volley trustmanager

i have implemented https by creating new requestQueue in my volley class by the following code

public RequestQueue getRequestQueue() {
    if (mRequestQueue == null) {
        mRequestQueue = Volley.newRequestQueue(getApplicationContext(), new HurlStack(null, newSslSocketFactory()));

    }

    return mRequestQueue;
}

private SSLSocketFactory newSslSocketFactory() {
    try {
        // Get an instance of the Bouncy Castle KeyStore format
        KeyStore trusted = KeyStore.getInstance("BKS");
        // Get the raw resource, which contains the keystore with
        // your trusted certificates (root and any intermediate certs)
        InputStream in = getApplicationContext().getResources().openRawResource(R.raw.keystore);
        try {
            // Initialize the keystore with the provided trusted certificates
            // Provide the password of the keystore
            trusted.load(in, KEYSTORE_PASSWORD);
        } finally {
            in.close();
        }

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(trusted);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory sf = context.getSocketFactory();
        return sf;
    } catch (Exception e) {
        throw new AssertionError(e);
    }
}

I have faced the similar problem in the past and the solution for the same that worked was to install the intermediate certificate authority on the server side.

What is interesting to note here is that visiting this server in most desktop browsers does not cause an error like a completely unknown CA or self-signed server certificate would cause. This is because most desktop browsers cache trusted intermediate CAs over time. Once a browser has visited and learned about an intermediate CA from one site, it won't need to have the intermediate CA included in the certificate chain the next time.

Some sites do this intentionally for secondary web servers used to serve resources. For example, they might have their main HTML page served by a server with a full certificate chain, but have servers for resources such as images, CSS, or JavaScript not include the CA, presumably to save bandwidth. Unfortunately, sometimes these servers might be providing a web service you are trying to call from your Android app, which is not as forgiving.

Configure the server to include the intermediate CA in the server chain. Most CAs provide documentation on how to do this for all common web servers. This is the only approach if you need the site to work with default Android browsers at least through Android 4.2.

You can follow the steps as mentioned here Missing intermediate certificate authority

Another example What is an intermediate certificate?

FYI trust-anchor-not-found-for-android-ssl-connection

Browsers may accept root certificate authority but Android SDK may not do the same because browsers cache the same. Browsers will cache intermediate certificates, and use them between different sites. Because of that, if you are missing the intermediate certificate, random users will receive a trust error, while others won't. Do intermediate certificates get cached in Firefox?

Related

POST request using RCurl
How can I paginate in descending order by child value with firebase?
Get Image or byte data with http
Resize borderless window on bottom right corner
How to print member function address in C++
How to find the overlap between 2 sequences, and return it
Servlet send response to JSP
Using name binding annotations in Jersey
Access webcam without Flash
Rails logger format string configuration
Sending mail without installing an SMTP server
Add local Library Project as a dependency to multiple Projects in Android Studio