linagora / linshare-mobile-android-app

Android application for LinShare - https://linshare.org/

Private CA #1

Open Shedaim opened 4 years ago

Shedaim commented 4 years ago

The Linshare app doesn't trust a private CA signed certificate, although the CA certificate has been installed on the device. Tried with Chrome and it trusts the certificate with no issue. Error from Logcat:

System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-22 22:45:03.931 8913 8937 W System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.h.a(RealConnection.kt:116)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.h.a(RealConnection.kt:26)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.d.a(ExchangeFinder.kt:137)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.d.a(ExchangeFinder.kt:14)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.d.a(ExchangeFinder.kt:7)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.m.a(Transmitter.kt:7)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.d.a.a(ConnectInterceptor.kt:6)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:13)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:1)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.c.a.a(CacheInterceptor.kt:29)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:13)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:1)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.a.a(BridgeInterceptor.kt:37)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:13)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.i.a(RetryAndFollowUpInterceptor.kt:37)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:13)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:1)
07-22 22:45:03.931 8913 8937 W System.err: at f.a.a.a.l.a.a(AuthorizationInterceptor.kt:11)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:13)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:1)
07-22 22:45:03.931 8913 8937 W System.err: at f.a.a.a.l.e.a(DynamicBaseUrlInterceptor.kt:47)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:13)
07-22 22:45:03.931 8913 8937 W System.err: at q.l0.e.g.a(RealInterceptorChain.kt:1)
07-22 22:45:03.931 8913 8937 W System.err: at q.c0.a(RealCall.kt:35)
07-22 22:45:03.932 8913 8937 W System.err: at q.c0$a.run(RealCall.kt:12)
07-22 22:45:03.932 8913 8937 W System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
07-22 22:45:03.932 8913 8937 W System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
07-22 22:45:03.932 8913 8937 W System.err: at java.lang.Thread.run(Thread.java:764)
07-22 22:45:03.932 8913 8937 W System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:646)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
07-22 22:45:03.932 8913 8937 W System.err: at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
07-22 22:45:03.932 8913 8937 W System.err: at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
07-22 22:45:03.932 8913 8937 W System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
07-22 22:45:03.932 8913 8937 W System.err: ... 28 more
07-22 22:45:03.932 8913 8937 W System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-22 22:45:03.932 8913 8937 W System.err: ... 39 more

Seems to always be an issue with Android. This happens when clicking "Login"

hoangdat commented 4 years ago

Many thanks for your information. We will check and resolve it ASAP.

hoangdat commented 4 years ago

@Shedaim Can you share with me which domain of LinShare you are trying to log in to? Is it https://demo.linshare.org/?

hoangdat commented 4 years ago

Hi @Shedaim, after getting the comment from the Back-End team:

demo.linshare.org is using a certificate generated by Gandi. So we need to add the Gandi CA to the trust store.

You can try to use the app with: https://user.linshare-2-3.integration-linshare.org

username: user1@linshare.org
password: password1

Shedaim commented 4 years ago

Got ya. So anyways, I may incorporate the CA certificate into the app itself and this should solve the issue, right?

hoangdat commented 4 years ago

Google has a detailed article: https://developer.android.com/training/articles/security-ssl. Please try it.
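
Added example, not part of the thread and not the project's own configuration: the trace above fails in `android.security.net.config.NetworkSecurityTrustManager`, and apps targeting Android 7.0 (API 24) or later trust only system CAs by default, so a CA installed in the user store is honoured by the browser but not by the app. One way to bundle a private CA into a self-built app with a Network Security Configuration is shown below. The domain `linshare.example.internal`, the resource name `private_ca` and the file name are placeholders chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example; file and resource
     names are assumptions). Referenced from AndroidManifest.xml with:
     <application android:networkSecurityConfig="@xml/network_security_config" ...> -->
<network-security-config>

    <!-- Default for every host: system CAs only. This is already the
         platform default for apps targeting API 24+, stated explicitly
         here so the exception below is easy to audit. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Private deployment: additionally trust one CA certificate shipped
         inside the APK as res/raw/private_ca (PEM or DER). Scoped to a
         single domain so the private CA cannot vouch for any other host. -->
    <domain-config>
        <domain includeSubdomains="true">linshare.example.internal</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="@raw/private_ca" />
        </trust-anchors>
    </domain-config>

    <!-- Debuggable builds only: also accept CAs from the user store,
         which helps when testing against a lab CA without rebuilding. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

Only the CA's public certificate belongs in `res/raw`; trusting `src="user"` in release builds would let any CA the device owner or a device-management profile installs intercept the app's traffic.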