Reputation: 425
I have an SSL "untrusted" error in my Xamarin application on the Android app (iOS works fine). I need to use a WebView.
I followed these instructions for HttpClient: https://thomasbandt.com/certificate-and-public-key-pinning-with-xamarin . I need to set TrustManagerFactory, KeyManagerFactory and KeyStore, but in WebViewRenderer and WebViewClient I cannot find an option to add my certificates as trusted. I don't want to compare certificates in the OnReceivedSslError override method, because the certificate that comes into this method is the final certificate (that will expire in up to one year). I want to add my root and intermediate certificates to the list of trusted certificates before the certificate-checking method in the WebView is called.
ExportRenderer:
    public class CustomWebView : WebViewRenderer
    {
        private TrustManagerFactory _trustManagerFactory;
        private KeyManagerFactory _keyManagerFactory;
        private KeyStore _keyStore;

        public CustomWebView(Context context) : base(context)
        {
        }

        protected override void OnElementChanged(ElementChangedEventArgs<Xamarin.Forms.WebView> e)
        {
            base.OnElementChanged(e);
            if (e.NewElement != null)
            {
                var customWebViewClient = new CustomWebViewClient();
                _trustManagerFactory = CertificateHelper.TrustManagerFactory;
                _keyManagerFactory = CertificateHelper.KeyManagerFactory;
                _keyStore = CertificateHelper.KeyStore;
                Control.SetWebViewClient(customWebViewClient);
            }
        }
    }
How do I set TrustManagerFactory, KeyManagerFactory and KeyStore here?
Upvotes: 1
Views: 2064
Reputation: 425
I have finally found a working solution. In my case, adding the end-user certificate or the intermediate certificate (separately or together) makes everything work. The end-user cert is short-term, so I advise adding the long-term intermediate certificate.
Add:
android:networkSecurityConfig="@xml/network_security_config"
to the manifest, in the application section.
Add a new XML file (build action: AndroidResource) at Resources -> xml -> network_security_config.xml:
    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <base-config>
            <trust-anchors>
                <certificates src="@raw/untrusted_ca"/>
                <certificates src="system"/>
            </trust-anchors>
        </base-config>
    </network-security-config>
The name of the certificate file should consist of only lowercase letters, numbers and underscores.
Add the certificate (build action: AndroidResource) at: Resources -> raw -> untrusted_ca.pem
Now the Android WebView trusts the server at the application level, so no more SSL errors occur when connecting to that particular server.
Upvotes: 3
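A domain-scoped variant of the configuration in the answer above, added here as an example and not part of the original posts: the extra CA is trusted only for one host through `domain-config`, while every other connection keeps the system store. The host name `app.example.com` is a placeholder assumption; `@raw/untrusted_ca` is the resource name used in the answer.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: Resources/xml/network_security_config.xml -->
<!-- Network Security Config is honored on Android 7.0 (API 24) and later. -->
<network-security-config>

    <!-- Default for all hosts not matched below: system CAs only. -->
    <base-config>
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>

    <!-- Placeholder host (assumption): replace with the server the WebView loads. -->
    <domain-config>
        <domain includeSubdomains="false">app.example.com</domain>
        <!-- trust-anchors here override base-config for this host, so the
             bundled CA from Resources/raw/untrusted_ca.pem is the only
             anchor accepted for it. Add <certificates src="system"/> as well
             if the host may also present a publicly issued chain. -->
        <trust-anchors>
            <certificates src="@raw/untrusted_ca"/>
        </trust-anchors>
    </domain-config>

</network-security-config>
```

With the CA placed in `base-config`, as in the answer, any certificate it issues is accepted for every host the app contacts; scoping it to a `domain-config` limits that trust to the one server.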