Android + SSL：错误不可信服务器证书

Question

我已经访问了很多地方，以解决这个问题，但不是做。

尝试SSL连接“不可信服务器证书”时，Android返回错误。 https://google.cl/工作，但https://autoservicio.movistar.cl/不工作： -/ 我的项目：

package com.drawcoders.saldomovistarchile; 

import java.io.IOException; 
import java.io.UnsupportedEncodingException; 
import java.util.ArrayList; 
import java.util.List; 

import javax.net.ssl.HostnameVerifier; 

import org.apache.http.HttpEntity; 
import org.apache.http.HttpResponse; 
import org.apache.http.NameValuePair; 
import org.apache.http.client.ClientProtocolException; 
import org.apache.http.client.entity.UrlEncodedFormEntity; 
import org.apache.http.client.methods.HttpPost; 
import org.apache.http.conn.scheme.PlainSocketFactory; 
import org.apache.http.conn.scheme.Scheme; 
import org.apache.http.conn.scheme.SchemeRegistry; 
import org.apache.http.conn.ssl.SSLSocketFactory; 
import org.apache.http.conn.ssl.X509HostnameVerifier; 
import org.apache.http.impl.client.DefaultHttpClient; 
import org.apache.http.impl.conn.SingleClientConnManager; 
import org.apache.http.message.BasicNameValuePair; 
import org.apache.http.util.EntityUtils; 

import android.app.Activity; 
import android.os.Bundle; 
import android.widget.TextView; 

public class SaldoMovistarChileActivity extends Activity { 
    TextView statusText; 

    /** Called when the activity is first created. */ 
    @Override 
    public void onCreate(Bundle savedInstanceState) { 
     super.onCreate(savedInstanceState); 
     setContentView(R.layout.main); 
     statusText = (TextView) findViewById(R.id.statusText); 
     login(); 
    } 

    void login(){  
     try { 
      HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; 
      DefaultHttpClient client = new DefaultHttpClient(); 

      SchemeRegistry registry = new SchemeRegistry(); 
      SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory(); 
      socketFactory.setHostnameVerifier((X509HostnameVerifier)hostnameVerifier); 
      registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
      registry.register(new Scheme("https", socketFactory, 443)); 
      SingleClientConnManager mngr = new SingleClientConnManager(client.getParams(), registry); 
      DefaultHttpClient httpClient = new DefaultHttpClient(mngr, client.getParams()); 

      HttpPost post = new HttpPost("https://autoservicio.movistar.cl/login/loginTop"); 
      List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4); 
      nameValuePairs.add(new BasicNameValuePair("rut", "1000000")); 
      nameValuePairs.add(new BasicNameValuePair("dv", "0")); 
      nameValuePairs.add(new BasicNameValuePair("idRut", "10000000-0")); 
      nameValuePairs.add(new BasicNameValuePair("clave", "00000000")); 
      post.setEntity(new UrlEncodedFormEntity(nameValuePairs)); 

      HttpResponse response = httpClient.execute(post); 

      // HttpResponse response = client.execute(post); 
      HttpEntity entity = response.getEntity(); 
      String responseText = EntityUtils.toString(entity); 
      statusText.setText("Finalizado!"); 

     } catch (UnsupportedEncodingException e) { 
      statusText.setText("Error: " + e.getMessage().toString()); 
     } catch (ClientProtocolException e) { 
      statusText.setText("Error: " + e.getMessage().toString()); 
     } catch (IOException e) { 
      statusText.setText("Error: " + e.getMessage().toString()); 
     } 
    } 
} 

谢谢:)

Answer 1

看来（判断了我的Android设备：Galaxy Nexus的，安卓4.1.1）的CA根在此版本的Android上未提供用于域的证书autoservicio.movi​​star.cl并且可能在4.1.1之前的版本中提供此证书。

对于网站信任的尝试此处提供的解决方案：Trusting all certificates using HttpClient over HTTPS

Answer 2

网站，https://autoservicio.movistar.cl所以客户端不能建立一个链到受信任根不返回中间证书。 Firefox也给出了一个错误。

此SSL检查表明，只有服务器证书返回：

http://certlogik.com/ssl-checker/autoservicio.movistar.cl

缺少中间证书是这一个：

CN =威瑞信3级国际服务器CA - G3，OU =使用条款https://www.verisign.com/rpa（c）10，OU = VeriSign信任网络，O =“VeriSign，Inc.”，C = US

----- BEGIN CERTIFICATE ----- MIIGKTCCBRGgAwIBAgIQZBvoIM4CCBPzLU0tldZ + ZzANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBvDEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg aHR0cHM6 Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMtVmVy aVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdacYvAV9IGaQQhZjxOdF8mfUdza sVLv/+ + NB3eDfxCjG4615HycQmLi7IJfBKERBD qpqFLPTU4bi7u1xHbZzFYG7rNV ICreFY1xy1TIbxfNiQDk3P/hwB9ocenHKS5 + vDv85burJlSLZpDN9pK5MSSAvJ5s 1fx + 0uFLjNxC + kRLX/gYtS4w9D0SmNNiBXNUppyiHb5SgzoHRsQ7AlYhv/JRT9Cm mTnprqU/iZucff5NYAclIPe712mDK4KTQzfZg0EbawurSmaET0qO3n40mY5o1so5 BptMs5pITRNGtFghBMT7oE2sLktiEuP7TfbJUQABH/weaoEqOOC5T9YtRQIDAQAB o4ICFTCCAhEwEgYDVR0TAQH/BAgwBgEB/wIBADBwBgNVHSAEaTBnMGUGC2CGSAGG + EUBBxcDMFYwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9j cHMwKgYIKwYBBQUHAgIwHhocaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAO BgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv Z2lmMCEwHzAHBgUrDgMCGgQUj + XTGoasjY5rw8 + AatRIGCx7GS4wJRYjaHR0cDov L2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYDVR0lBC0wKwYIKwYBBQUH AwEGCCsGAQUFBwMCBglghkgBhvhCBAEGCmCGSAGG + EUBCAEwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wNAYDVR0f BC0wKzApoCegJYYjaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy1nNS5jcmww KAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEFZlcmlTaWduTVBLSS0yLTcwHQYDVR0O BBYEFNebfNgioBX33a1fzimbWMO8RgC1MB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ 80M5 + gKvMzEzMA0GCSqGSIb3DQEBBQUAA4IBAQBxtX1zUkrd1000Ky6vlEalSVAC T/gvF3DyE9wfIYaqwk98NzzURniuXXhv0bpavBCrWDbFjGIVRWAXIeLVQqh3oVXY QWR R9m66SOZdTLdE0z6k1dYzmp8N5tdOlkSVWmzWoxZTDphDzqS4w2Z6BVxiEOgb Ett9LnZQ/9/XaxvMisxx + rNAVnwzeneUW/ULU/sOX7xo + 68q7jA3eRaTJX9NEP9X + 79uOzMh3nnchhdZLUNkt6Zmh + q8lkYZGoaLb9e3SQBb26O/KZru99MzrqP0nkzK XmnUG623kHdq2FlveasB + lXwiiFm5WVu/XzT3x7rfj8GkPsZC9MGAht4Q5mo ----- END CERTIFICATE -----