Jump to content
LuciaLima

javax...sslHandshakeException vs KIS Personal Root Certificate

Recommended Posts

Context: Android Studio (AS) is an IDE that allows people to create Apps for android powered devices. We can test these apps from within AS using an emulated device, which is a simulation of a physical phone or tablet.

I'm testing some Apps that use HTTPS URLs to query an University API website with "GET" request.

My KIS is configured to check encrypted connections (as it should, otherwise it would not make sense to buy it, specially now that google declared war on sites without https).

 

Problem: From within the AS device emulator, the App is always somehow blocked from connecting and the error that pops up mentions "javax.net.ssl.SSLHandshakeException ... Trust anchor for certification path not found."

 

Attempts made to solve: I've tried to use HTTP URLs to query other websites that operate under http and everything works smooth.

When it comes to the https, I've read that I need to download and install the root and intermediate certificate for that University's webiste. 

Problem with attempt: If I access the site with this KIS protected machine, when I click on the lock to download the certificates, the root is always KIS personal root certificate, but if I access the site from a machine without KIS I get the root certificate from the Digicert corporation. Something tells me that the server, when I try to connect to it, is looking for a key from my side that will match the encryption from the Digicert CA, which seems to me as being the one who issued their certificate. SO, I'd like someone to explain to me:

1st: why do I get the KIS root certificate instead of the Digicert, when I connect from behind the KIS firewall to that website.

2nd: how will I ever get the needed (Digicert) certificate so I can import it to my truststore, without compromising the system (like deactivating KIS).

If I'm mistakened with the way things are happening, or their reasons, please explain to me what has to be done, EXCEPT the option not to check encrypted connections, because that is unnacceptable (for obvious reasons).

 

Many Thanks

Share this post


Link to post

Hello,

Please do the following operation:

Settings --> Addition --> Network --> Do not scan encrypted network traffic or Add a website mask to exclusion --> Close all windows. Any better after that?

Regards 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.