How to trust self signed certificate on Android?

Question

I have generated self signed certificate for my server. Then added it to Android with Settings -> Security -> Install.

When I'm trying to connect to my server from the application I'm getting error:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

As I understand after I've added certificate to list of trusted ones it should work fine. Am I missing something? The idea is to add certificate through Android system without modifying application code.

Btw I'm using OkHttpClient for network connection. Maybe I should enable something for https connection?

Answer 1

Consider using src/debug/xml/network_security_config.xml.

It should look similar to:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_cas"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>

Where debug_cas is the custom certification authority you used to generate the certificate for your server. Beware that if you are using a local server accessing it by IP you must have a subjectAltName with that IP inside your server certificate, otherwise it will give you a javax.net.ssl.SSLPeerUnverifiedException