Reputation: 109
Cannot import my selfsigned CA, it seems to not recognize the raw directory
I'm trying to import my selfsigned CA in android so I can make HTTPS POST to a web server I selfsigned. Following Google Doc(https://developer.android.com/training/articles/security-config.html#ConfigCustom) I created directory res/raw/mycertificate and added my certificate in it. Created /res/xml directory and added the xml file network_security_config.xml to the manifest. It's in the network_security_config.xml file that I'm having some trouble, because when I create the tag Android Studio get me an error on src telling me "Missing src resource" but I placed the certificate.pem in the directory /res/raw/mycertificate, and the folders raw and mycertificate does exists. How can I make Android Studio take correctly that path folder?
<network-security-config>
<domain-config>
<domain includeSubdomains="true">192.168.1.200</domain>
<trust-anchors>
<certificates src="@raw/my_ca" />
</trust-anchors>
</domain-config>
Upvotes: 11
Views: 9267
Answers (3)
Reputation: 31
I recently came across this problem. Eventually, I tried to build the project anyways and found out that the name of the file containing my self-signed CA had an uppercase letter. According to the build error I got, "File-based resource names must contain only lowercase a-z, 0-9, or underscore."
Upvotes: 3
Reputation: 6015
Omit the file extension for your certificate file in the network config XML file. If your cert is at res/raw/my_cert.pem, use this XML code:
<network-security-config>
<domain-config>
<domain includeSubdomains="true">192.168.1.200</domain>
<trust-anchors>
<certificates src="@raw/my_cert" />
</trust-anchors>
</domain-config>
Upvotes: 12
Reputation: 3496
Actually, you must specify direct path to the certificate, not a directory path.
So, if you use src="@raw/my_ca", file called my_ca.cer (or my_ca.der) must be placed inside resource folder.
Extract from documentation (https://developer.android.com/training/articles/security-config.html#certificates):
src
The source of CA certificates. Each certificate can be one of the following:
- a raw resource ID pointing to a file containing X.509 certificates. Certificates must be encoded in DER or PEM format. In the case of PEM certificates, the file must not contain extra non-PEM data such as comments.
- "system" for the pre-installed system CA certificates
- "user" for user-added CA certificates
Upvotes: 6
Related Questions
- How to import self-signed certificate.ca with private keys in android phone?
- err_cert_authority_invalid - self signed CA is invalid on android, but works on PC
- Android recognizes my self made CA certificate as a user certificate, and does not install it properly
- I am getting a SSLHandshakeException and CertPathValidatorException error while using self signed certificate
- Accept Self-Signed Certificates in Android Studio Java Code
- android self-signed certificate wont work
- Self Signed Certificate - Trust anchor not found
- Android app SSL issue when trusting self signed certificate
- android https - self signed server certificate - exception
- Android self signed certificate: Trust anchor for certification path not found