wrong version keystore when doing https call

Posted 2019-02-16 10:51

Question:

Hello fellow android coders.

I'm trying to do an HTTPS secure call from my Android code. The call goes fine on the emulator but on the actual Samsung Galaxy device I get an SSL error.

I used Crazy Bob's method for handling the certificate. Here is Crazy Bob's link: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html.

Problem is I get an error: "wrong version of keystore" inside the custom SSLSocketFactory object.

Any suggestions on what to do to fix this? Thanks.

Answer 1:

Did you create your keystore with the Bouncy Castle format? All these 3 parameters are mandatory when creating the keystore with keytool (and especially the keystore type must be BKS):

  -storetype BKS
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider
  -providerpath /path/to/bouncycastle.jar

Android uses version 1.46 of Bouncy Castle; make sure you use this version when creating your keystore. Version 1.46 is found here.



Answer 2:

In case anyone stumbles upon this and @Jcs's excellent answer does not solve it: I experienced exactly the same issues, and it turned out I didn't install the SSL certificates on my web server correctly. I got the idea when using DigiCert's SSL testing tool: My certificate provider used the common practice of signing server certificates with an intermediate CA. After installing the certificate chain (which links the issuer's intermediate CA to their root CA), everything worked fine.



Answer 3:

An easy alternative is to use Portecle to generate the BKS:

  1. Download Bouncy Castle Provider 1.46
  2. Replace bcprov.jar in your Portecle install directory (example: C:\Program Files (x86)\Portecle\bcprov.jar). Same naming is required.
  3. Restart Portecle and generate your BKS truststore.

Remark: For me the issue was on Android 4.0.3 and that fixed it.

More explanations here.
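
To check which case from the answers above applies to a given truststore file, the following added example (not part of the original thread) reads the first four bytes of the file and reports the keystore format. It assumes the BKS layout begins with a 4-byte big-endian version number, with version 1 written by Bouncy Castle 1.46 and earlier and version 2 by later releases; the function names are made up for this example.

```python
import struct
import sys

# Magic numbers of the other common Java keystore formats.
JKS_MAGIC = 0xFEEDFEED
JCEKS_MAGIC = 0xCECECECE


def identify_keystore(header: bytes) -> str:
    """Classify a keystore from its first four bytes."""
    if len(header) < 4:
        return "too short to be a keystore"
    (word,) = struct.unpack(">I", header[:4])
    if word == JKS_MAGIC:
        return "JKS (not BKS: recreate with -storetype BKS)"
    if word == JCEKS_MAGIC:
        return "JCEKS (not BKS: recreate with -storetype BKS)"
    if header[0] == 0x30:
        # ASN.1 SEQUENCE tag: a PKCS#12 file or a raw DER certificate.
        return "PKCS#12 or other DER data (not BKS)"
    if word in (0, 1):
        # Assumption: these are the versions a 1.46 provider can load.
        return f"BKS version {word} (readable by Bouncy Castle 1.46)"
    if word == 2:
        # Assumption: written by a provider newer than 1.46.
        return "BKS version 2 (newer Bouncy Castle; rebuild with 1.46)"
    return "unknown format"


def identify_file(path: str) -> str:
    """Read only the header of the file at `path` and classify it."""
    with open(path, "rb") as fh:
        return identify_keystore(fh.read(4))


if __name__ == "__main__":
    # Usage: python identify_keystore.py mystore.bks [more files...]
    for path in sys.argv[1:]:
        print(f"{path}: {identify_file(path)}")
```

A result of "BKS version 2" or a non-BKS format points at the keystore itself; a "BKS version 1" result means the file format is not the cause and the server's certificate chain is the next thing to check.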