android ssl https wifi android-volley

Volley Request over https only works with Wifi (wlan) but not for 3G/GPRS (umts)


Because I was instructed to ask about this issue in my own question, I'm doing so here.
See the original topic in which I first asked my question (deleted now).

I got stuck with the same problem and unfortunately the answers of the author aren't helpful.

To introduce my issue in a little more detail: I work with a self-signed certificate on my Tomcat 8 (v8.0.15) server on the internet with Java 8 (v8.0.25 - JDK). There I host my Java EE application, which is the backend for my Android application. The SSL connector of Tomcat works as it should. When I test the backend with a RESTClient I get the expected result.
I created the keystore with one certificate:

    keytool -genkey -alias tomcat -keystore tomcat.keystore \
        -storepass MYKEYSTOREPASS -keyalg RSA -keysize 2048 -validity 365

Then I extracted the certificate:

    keytool -export -alias tomcat -storepass MYKEYSTOREPASS \
        -keystore tomcat.keystore -file tomcat.cer

Lastly I created a new Keystore in the BKS format for my Android Application:

    keytool -import -alias tomcat -file tomcat.cer -keypass MYKEYSTOREPASS \
        -keystore tomcat.bks -storetype BKS -storepass MYKEYSTOREPASS \
        -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath $PATH_TO_BC_LIBRARY/bcprov-jdk16-146.jar

(As mentioned here, the "-export" and "-import" parameters are from previous releases but are still usable. You may also know these command parameters as "-exportcert" and "-importcert".)

After finishing these steps I tried to connect and everything went fine, but only until I deactivated/left my WLAN connection. Then it did not work any more and threw a "javax.net.ssl.SSLPeerUnverifiedException: No peer certificate".
I really do not understand this behaviour.

To shed a little more light on the Android side:
I used the classes/library from this tutorial in exactly the same way.

If something is missing, just comment and I will add the information.

Thanks a lot in advance!


Solution

  • While researching similar issues on Server Fault I also got a hint about what could be wrong: https://serverfault.com/questions/560733/why-isnt-tomcat-serving-the-correct-ssl-certificate I tried it out with the missing parameter "keyAlias", and it worked! The solution was finally, as Ogre_BGR had expected, a not optimal Tomcat configuration. The connector looks like this:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="PATH_TO_YOUR_KEYSTORE"
               keystorePass="PASSWORD_FOR_YOUR_KEYSTORE"
               keyAlias="ALIAS_OF_YOUR_CERTIFICATE"
               maxHttpHeaderSize="8192"
               />
    

    Tomcat silently picks only the first key it finds in the keystore when no keyAlias is configured. This is mentioned in the docs here (at the bottom).

    I hope that some day somebody will be glad to read this while having the same problem.

    Thanks again @Ogre_BGR :)
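
A configuration check for the fix described in the answer above, as an added example that is not part of the original post: it scans a Tomcat `server.xml` for TLS connectors that do not pin `keyAlias`. The function names and the sample `server.xml` are constructed for illustration, and only the Tomcat 8.0-style `<Connector>` attributes shown on this page are covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample: port 8443 omits keyAlias, port 9443 pins it.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/tomcat.keystore"
               keystorePass="PLACEHOLDER"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/tomcat.keystore"
               keystorePass="PLACEHOLDER" keyAlias="tomcat"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return one finding per TLS-enabled <Connector> in a server.xml string."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        # Skip plain HTTP/AJP connectors; only TLS connectors read a keystore.
        if conn.get("SSLEnabled", "false").strip().lower() != "true":
            continue
        alias = (conn.get("keyAlias") or "").strip()
        findings.append({
            "port": conn.get("port"),
            "keystoreFile": conn.get("keystoreFile"),
            "keyAlias": alias or None,
            # Without keyAlias, Tomcat uses the first key it finds.
            "pinned": bool(alias),
        })
    return findings


def unpinned_ports(server_xml):
    """Ports of TLS connectors whose served certificate is not pinned by alias."""
    return [f["port"] for f in audit_connectors(server_xml) if not f["pinned"]]


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        status = "ok" if f["pinned"] else "WARNING: keyAlias not set"
        print(f"port {f['port']} keystore={f['keystoreFile']} "
              f"alias={f['keyAlias']} -> {status}")
```
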