Orbit

Reputation: 2385

Retrofit failed response callback, java.security.cert.CertificateException

I'm trying to use Retrofit to make a call to this API: https://api.wheretheiss.at/v1/satellites/25544

Here is the code where the connection is being made:

    retrieveButton.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {

            // Default Retrofit client: uses the platform trust store
            Retrofit retrofit = new Retrofit.Builder()
                    .baseUrl(BASEURL)
                    .addConverterFactory(GsonConverterFactory.create())
                    .build();

            ISSApi api = retrofit.create(ISSApi.class);

            Call<ISS> ISS = api.getLocation();

            // Asynchronous call; a TLS handshake failure arrives in onFailure
            ISS.enqueue(new Callback<ISS>() {
                @Override
                public void onResponse(Response<ISS> response) {
                    System.out.println("booya");
                }

                @Override
                public void onFailure(Throwable t) {
                    System.out.println("failure");
                    System.out.println(t.getMessage());
                    t.printStackTrace();
                }
            });
        }
    });

So it seems to at least be able to find the API, as the onFailure callback is being fired, but I'm getting this error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Some notes: I've used OkHTTP before with an API that had SSL enabled and I never had to deal with certificates. Also, something I noticed: if I go to the API endpoint on my Nexus 5, I get this: https://i.sstatic.net/4HLZX.png. Perhaps that's related to the issue?

Any help appreciated. Using Retrofit 2.0.0.

Upvotes: 1

Views: 1186

Answers (1)

Paulo Avelar

Reputation: 2140

The server you are trying to connect to does not have a valid SSL certificate for Android.

This is weird, because I can access it on my computer with no issues, but apparently Android is missing the CA that signed this certificate.

What you can do:

  1. Manually add the certificate in your device -- not good if you are deploying it to many people.
  2. Create a custom SslSocketFactory that accepts this server certificate.

The second approach is the best, but it brings a lot of problems to the table.

For example, if the server changes the certificate (they normally do from time to time), you will get these same errors every time until you update your app.
An alternative is to find the certification authority of this server certificate and add it instead (it would work with #1 and #2).

Check this answer to learn how to override certificate validation using OkHttp.

EDIT: the certificate issuer seems to be RapidSSL (info here).

Upvotes: 1
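
The alternative mentioned in the answer above (adding the issuing CA rather than the server's own certificate) can be done without switching off validation. This is an added example, not code from the question or the answer; the class name `IssuerTrust`, the alias `issuer-ca` and the bundled CA file are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

public final class IssuerTrust {
    private IssuerTrust() {}

    /**
     * Builds a client whose only trust anchor is the CA certificate read from
     * caCert (PEM or DER). Chain validation and hostname verification stay on.
     */
    public static OkHttpClient clientTrusting(InputStream caCert)
            throws GeneralSecurityException, IOException {
        // Parse the issuing CA's certificate (hypothetical bundled file,
        // e.g. res/raw/issuer_ca.pem, exported from the server's chain).
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caCert);

        // Empty in-memory keystore with that CA as the sole trusted entry.
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null);
        anchors.setCertificateEntry("issuer-ca", ca);

        // The platform's own PKIX trust manager does the path validation.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        TrustManager[] tms = tmf.getTrustManagers();
        if (tms.length != 1 || !(tms[0] instanceof X509TrustManager)) {
            throw new GeneralSecurityException("unexpected trust managers");
        }
        X509TrustManager tm = (X509TrustManager) tms[0];

        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(null, new TrustManager[] {tm}, null);

        return new OkHttpClient.Builder()
                .sslSocketFactory(tls.getSocketFactory(), tm)
                .build();
    }
}
```

Pass the result to `Retrofit.Builder().client(...)` before `build()`. The client then trusts only that CA, so it should be used for this API alone, and the bundled file has to be replaced if the server moves to a different issuer.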
