CertPathValidatorException: Trust anchor for certification path not found

Md. Tawsif Ul Karim
2 min read · Apr 18, 2024

If you’ve started to encounter the following exception, especially on older Android devices, this guide can help:

handleFetchPinError: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

If so, ask the backend engineer to give you the digital certificate of the API URL that you want to connect to.

Solution Steps (Backend Server Setup):

If you are using Let's Encrypt, the file is located under the `/etc/letsencrypt/live` directory. Look for the folder named after your domain; inside it there is a file named `fullchain.pem`. Copy the entire contents of that file into a new file with the `.crt` extension and hand it to the Android developers. You can choose any name you wish; in our case we named it `api.mysite.com.crt`.

On the Android side:

1. Copy the file into the `res/raw` folder.
2. Create a new folder named `xml` under the `res` folder, and in it create a file named `network_security_config.xml`.

Here is what the `res/xml/network_security_config.xml` file should look like:

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">api.mysite.com</domain>
        <trust-anchors>
            <certificates src="@raw/api.mysite.com" />
        </trust-anchors>
    </domain-config>
</network-security-config>
```

You can also add multiple configurations like the one above for test or dev servers (be sure to get two certificates, one each for the production and test APIs). Here is an example:

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">api.mysite.com</domain>
        <trust-anchors>
            <certificates src="@raw/production_certificate" />
        </trust-anchors>
    </domain-config>
    <domain-config>
        <domain includeSubdomains="true">devapi.mysite.com</domain>
        <trust-anchors>
            <certificates src="@raw/test_certificate" />
        </trust-anchors>
    </domain-config>
</network-security-config>
```

3. Specify the network configuration in the `AndroidManifest.xml` file of your application by adding the `android:networkSecurityConfig` attribute to the `<application>` element:

```xml
android:name=".MXVHR"
….
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/AppTheme"
android:usesCleartextTraffic="true"
android:networkSecurityConfig="@xml/network_security_config" <- Add this line here
tools:replace="android:icon"
```
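The three steps above can be checked before a build with a short script that also flags a bundled file containing a private key, since the Let's Encrypt directory named above holds `privkey.pem` next to `fullchain.pem`. This is an added example, not code from the original post; the names `check_setup` and `write_sample` and the `src/main` layout are assumptions, and the sample tree is constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def check_setup(main_dir):
    """Return a list of problems with the three steps, given <module>/src/main."""
    main_dir, problems = Path(main_dir), []
    app = ET.parse(main_dir / "AndroidManifest.xml").getroot().find("application")
    ref = app.get(ANDROID_NS + "networkSecurityConfig", "") if app is not None else ""
    if not ref.startswith("@xml/"):  # step 3 missing
        return ["manifest: android:networkSecurityConfig does not name an @xml/ resource"]
    config = main_dir / "res" / "xml" / (ref[5:] + ".xml")
    if not config.is_file():  # step 2: the config lives in res/xml
        return [f"{ref}: {config.relative_to(main_dir)} not found"]
    for dc in ET.parse(config).getroot().iter("domain-config"):
        domains = ", ".join(d.text.strip() for d in dc.findall("domain"))
        for src in (c.get("src", "") for c in dc.findall("trust-anchors/certificates")):
            if src.startswith("@raw/"):  # "system"/"user" anchors need no bundled file
                files = sorted((main_dir / "res" / "raw").glob(src[5:] + ".*"))
                if not files:  # step 1 missing, or the file name does not match
                    problems.append(f"{domains}: {src} has no file in res/raw")
                elif b"PRIVATE KEY" in files[0].read_bytes():
                    problems.append(f"{domains}: {files[0].name} contains a private key")
    return problems

def write_sample(root, raw_files):
    """Build a constructed src/main tree; raw_files maps file name -> content."""
    root = Path(root)
    (root / "res" / "xml").mkdir(parents=True)
    (root / "res" / "raw").mkdir()
    (root / "AndroidManifest.xml").write_text(
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
        '<application android:networkSecurityConfig="@xml/network_security_config"/>'
        "</manifest>")
    (root / "res" / "xml" / "network_security_config.xml").write_text(
        "<network-security-config><domain-config>"
        '<domain includeSubdomains="true">api.mysite.com</domain>'
        '<trust-anchors><certificates src="@raw/production_certificate"/></trust-anchors>'
        "</domain-config></network-security-config>")
    for name, body in raw_files.items():
        (root / "res" / "raw" / name).write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed mistake: a key file was shipped
        key = "-----BEGIN PRIVATE KEY-----\n(constructed)\n"
        print(check_setup(write_sample(tmp, {"production_certificate.crt": key})))
```

An empty list means the manifest, the config in `res/xml` and the files in `res/raw` agree with each other.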

This gist was written with help from the following link:
https://dev.to/enyason/how-to-fix-issue-of-ssl-handshake-exception-on-android-g6g

Many thanks to the original author: Enya Emmanuel
