分享程序员开发的那些事...
更新时间:2021-09-07 21:47:48
您必须告诉Android系统的信任证书。您的问题是安卓2.3后,接受您的证书,因为它有它包括受信任的证书列表中,但在previous版本不包括在内,所以,有问题。
You have to tell the Android system to trust your certificate. Your problem is that Android after 2.3 accepts your certificate because it has it included on the trusted certificates list, but on the previous versions is not included, so, there is the problem.
我建议你做喜欢上了Android的文档:
I recommend you doing like on the Android documentation:
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// From https://www.washington.edu/itconnect/security/ca/load-der.crt
InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
caInput.close();
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
// Tell the URLConnection to use a SocketFactory from our SSLContext
URL url = new URL("https://certs.cac.washington.edu/CAtest/");
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);
我做一样的,这是正常工作的每个设备上,与Android 2.3及以下,和我的网站的证书是私人的。
I am doing the same, and it is working properly on every devices, with Android 2.3 and below, and the certificate of my site is a private one.
只是尝试一下,并告诉我,如果它现在的工作。
Just try it, and tell me if it is working now.
希望它可以帮助你!