Letsencrypt and android apps

allo · December 14, 2015, 5:02pm

On android, all browser accept the LE certificates, but an app using the default HTTP client seems to have problems. Here is the corresponding code:

github.com

allo-/SharedUrlList/blob/master/src/de/laxu/apps/sharedurllist/Util.java#L41


			throws LoadException {
				String text="";
				ConnectivityManager cm = (ConnectivityManager) activity
						.getSystemService(Context.CONNECTIVITY_SERVICE);
				NetworkInfo ni = cm.getActiveNetworkInfo();
				if (ni != null && ni.isConnected()) {
					if(url == null || url.equals("")){
						throw new LoadException("no URL given.");
					}
					try {
						HttpClient client = new DefaultHttpClient();
						HttpResponse response = client.execute(new HttpGet(url));
						StatusLine statusLine = response.getStatusLine();
						int statusCode = statusLine.getStatusCode();
			
						if (statusCode == 200) {
							BufferedReader reader = new BufferedReader(
									new InputStreamReader(response.getEntity()
											.getContent()));
							String line;
							while ((line = reader.readLine()) != null) {

What do i need to change, so it accepts LE certificates? Is it something about the depth of the trust chain (i.e. that LE is not a root certificate but an intermediate one)? My server has the fullchain.pem configured as certificate.

motoko · December 15, 2015, 7:05am

What does SSLTest show? Maybe you’re missing part of the chain or the server’s accepted ciphers and methods aren’t compatible.

Also, DefaultHTTPClient is deprecated. Use HttpURLConnection, HttpClientBuilder, Volley or OkHttp.

allo · December 15, 2015, 7:39am

The app is a bit older, but just worked when using the right certificates (and failed on errors without any “accept this self signed one”). I may look into changing it, but currently i do not even have a build environment installed.

For my android 4:
Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS

Total grade capped to B, because some insecure cipher is still allowed. Need to check this.

motoko · December 15, 2015, 7:53am

I know the DST Root that cross-signs the Let’s Encrypt certificates isn’t a trusted CA in Java yet. It’s possible that the older DefaultHTTPClient uses the Java trust store, which could cause the problem you are seeing. I am just guessing, however.

allo · December 15, 2015, 8:25am

Ah, sounds plausible. May even explain why i always had problems correctly installing CaCert before. Meh, need to look into it to use another client.

btw. upgraded now to A by choosing own DH-param \o/

m.b · December 15, 2015, 4:56pm

I had also problems in my android apps. The problem was SNI… I changed to Volley and now it works.

allo · December 15, 2015, 5:08pm

I would like to avoid anything not in the core android, as the app is on purpose very simple and without external dependencies. So i will first look around with the other android url-apis.

FriendFX · December 31, 2015, 12:44am

I haven’t looked at the details, but DAVdroid (an Android client app to connect to an ownCloud server) seems to work fine on my Android 4.4 phone.

One thing that I had to do to get it to work however was to follow the instructions in this post, which also solved my This server's certificate chain is incomplete. Grade capped to B. problems reported by the SSL Labs SSL Test site.

allo · January 29, 2016, 5:18pm

I don’t think this is the problem, as i use the fullchain.pem with nginx on the domain, which should deliver this as the apache config in the linked post does.

Topic		Replies	Views
Certificate Is Not Trusted Node.js Express LetsEncrypt Cannot Connect From Android App Client Help	5	1242	July 15, 2023
Certificate is untrusted on some Android cell phone Help	12	1695	January 12, 2020
Old android phone no longer loads sites with let encrypt ssls Help	6	1170	April 3, 2021
Issue with Android App Rejecting TLS Certificates Without Root CA Chain Help	5	464	October 23, 2024
Android Studio emulator does not accept Let's Encrypt certs Server	3	2942	February 8, 2016

Letsencrypt and android apps

Related topics