Android Emulator "Chain Validation Failed" connecting developers machine with self-signed cert
AndroidSslAndroid EmulatorSsl CertificateAndroid Problem Overview
I have an Android Studio project that calls a web based API service. When the service code is in dev, qa, prod etc. There are NO certificate issues but when trying to hit the web api developers box to test a new feature / bug fix / etc. I get:
>No reply because of error: > >javax.net.ssl.SSLHandshakeException: Chain validation failed > > at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
I had the self signed certificate exported from the service developers machine WITHOUT the private key DER encoded. I dropped onto the emulator and it "installed" but this did not work.
I took the same cert above and copied to the emulated sd card. Then installed from security settings in emulator. Same result. Chain validation failed.
Now my security / certificate knowledge is very basic. I think the error actually describes the problem. There is no chain in a self signed certificate...but I could be wrong.
Regardless, how do I work around this?
I desire to be able to run my Android code and hit the developers box for testing / debugging etc.
I have read post like this one only to have the corporate environment I am in blocking the sites for open SSL etc.
I am accessing the service through a WebView.
Android Solutions
Solution 1 - Android
A cause of this problem can be wrong date time of the device
Solution 2 - Android
I was getting
javax.net.ssl.SSLHandshakeException: Chain validation failed
and
java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
the solution that worked for me was to force cold boot the emulator via Virtual Device Manager -> Actions dropdown -> Cold Boot Now
Solution 3 - Android
Just restarting the Emulator solved this error. Long press the Power off button in the emulator menu and select Restart.
Solution 4 - Android
This Kind of exceptions will occur if you are calling HTTPS API and the device date time is incorrect.
It means the connection certificate is not valid because of date time is incorrect. That's why SSL Handshake get failed.
Solution: handle exceptions of APIs and show toast/snackbar/page to the user to change device date time.
Ex exceptions:
javax.net.ssl.SSLHandshakeException: Chain validation failed
...
Caused by: java.security.cert.CertificateException: Chain validation failed
...
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
...
Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Thu Aug 26 05:30:00 GMT+05:30 2021 (compared to Wed Mar 16 17:03:55 GMT+05:30 2016)
...
Solution 5 - Android
consider to use alternative internet connection when you got this issue
I've check time dan date, restarting my emulator, even my mac, apparently on my case
this error raised because I have shitty internet connection.
javax.net.ssl.SSLHandshakeException: Chain validation failed
extra: I think this exception need to be more explicit because it has so many triggers
extra2: maybe strict firewalls from your network also could make this happens
Solution 6 - Android
I know this is an old Question, but I had a similar problem, with a completely different solution.
Make sure your SSL isn't expired. Once I fixed that problem I was no longer getting "javax.net.ssl.SSLHandshakeException: Chain validation failed" errors. I had other issues, but that's a different thread.
It sounds like such an obvious solution, but it's something to look into and not necessarily the first thing on people's mind.
Solution 7 - Android
I wiped out all the data of the emulator and booted it up again, installed the app and everything was working. But seen other solution I think now that it might been an overkill.