I’m getting an SSLPeerUnverifiedException: “No Peer Certificate” when connecting to a web service from my Android app which is hosted on a server with an SSL certificate by Thawte CA.
Please bear in mind that I’m in way over my head when it comes to the server side of things, but a bunch of solutions I’ve seen for this on SO involve blatantly trusting any certificate. Most of the solutions are from 2010-early 2011.
I have two questions, specifically:
- How / where do I check if Thawte CA is a trusted CA for Android
- How do I solve this issue?
Thanks!
For anyone looking for an answer: After loads of time spent scouring SO and the internet, I learned that there could be two possible causes:
The answer that really helped me out was by SO user bdc on this thread: Apache HttpClient on Android producing CertPathValidatorException (IssuerName != SubjectName).
In short, he suggested to check the chain ordering by running the
openssl s_client -connect server.domain.com:443. Running this command on Mac Terminal with the domain name of the server where the API was hosted showed that the chain ordering was incorrect.Once the ordering was fixed on the server side, voila! Everything works A-OK!