okhttp - HTTP FAILED: javax.net.ssl.SSLPeerUnverifiedException: 未能找到签署证书的可信证书:

Posted

技术标签:

【中文标题】okhttp - HTTP FAILED: javax.net.ssl.SSLPeerUnverifiedException: 未能找到签署证书的可信证书:【英文标题】:okhttp - HTTP FAILED: javax.net.ssl.SSLPeerUnverifiedException: Failed to find a trusted cert that signed Certificate: 【发布时间】:2021-01-27 22:42:06 【问题描述】:

您好,我在调用特定的Rest 端点时遇到此异常,但我被困在javax.net.ssl.SSLPeerUnverifiedException,我仅在 api 级别 21 (android 5.0) 中遇到此异常。

我们还在我们的应用中为 http 客户端添加了一个自定义信任管理器

fun OkHttpClient.Builder.ignoreAllSSLErrors(): OkHttpClient.Builder 
    val naiveTrustManager = object : X509TrustManager 
        override fun getAcceptedIssuers(): Array<X509Certificate> = arrayOf()
        override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) = Unit
        override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) = Unit
    

    val insecureSocketFactory = SSLContext.getInstance("TLSv1.2").apply 
        val trustAllCerts = arrayOf<TrustManager>(naiveTrustManager)
        init(null, trustAllCerts, SecureRandom())
    .socketFactory

    sslSocketFactory(insecureSocketFactory, naiveTrustManager)
    hostnameVerifier(HostnameVerifier  _, _ -> true )
    return this

这是异常的stackTrace:

D/OkHttp: <-- HTTP FAILED: javax.net.ssl.SSLPeerUnverifiedException: Failed to find a trusted cert that signed Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
        Signature Algorithm: sha384WithRSAEncryption
            Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
            Validity
                Not Before: May 30 10:48:38 2000 GMT
                Not After : May 30 10:48:38 2020 GMT
            Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority

如果需要,我可以添加更多详细信息,谢谢

【问题讨论】:

【参考方案1】:

这是因为旧设备上的 CA 证书已过期。见How to trust SSL certificates with cross-signed root expired on android <= 5

但不清楚为什么您的不安全设置不起作用。你还没有提供可用的复制品,所以除了猜测之外很难做更多的事情。

【讨论】:

以上是关于okhttp - HTTP FAILED: javax.net.ssl.SSLPeerUnverifiedException: 未能找到签署证书的可信证书:的主要内容,如果未能解决你的问题,请参考以下文章

HTTP Status 500 - Handler processing failed; nested exception is java.lang.NoClassDefFoundError: jav

HTTP Status 500 - Handler processing failed; nested exception is java.lang.NoClassDefFoundError: jav

Android应用程序崩溃okhttp3 HTTP FAILED:javax.net.ssl.SSLException:读取错误:系统调用期间I/O错误,软件导致连接中止

OKHTTP - SSLSocket duplex close failed

OKHTTP - SSLSocket duplex close failed

HTTP FAILED:javax.net.ssl.SSLHandshakeException:链验证失败[重复]