
Retrofit with OKHTTP3 certification pinning


I am using Retrofit 1.9 with OKHTTP3 client and I am trying to add certification pinning. Below is the relevant code:

String hostname = "xxxxxx.xx";

CertificatePinner certificatePinner = new CertificatePinner.Builder()
    .add(hostname, "sha1/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=")
    .build();

OkHttpClient client = new OkHttpClient.Builder()
     .certificatePinner(certificatePinner)
     .build();

return new RestAdapter.Builder()
     .setRequestInterceptor(request -> {
         request.addHeader("CONTENT-TYPE", "application/json");
     })
     .setEndpoint("https://xxxxxxxxxxxx")
     .setClient(new Ok3Client(client))
     .build();

Unfortunately it doesn't seem to be working. I don't get the

"javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!"

exception, even when my host or SHA is incorrect. Can anyone explain why?


Solution

  • A couple of things to check. Since you've redacted the parts where mistakes are common, I can't tell for certain if these are your issue, but both mistakes will cause no pinning with no logs.

    1) For hostname in your CertificatePinner, make sure it is just the host name, like "www.example.com", and not a URL like "https://www.example.com".
    2) For .setEndpoint("xxxxxxxxxxxx"), make sure your endpoint is https; there are no certs checked on http, so no logs.
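
A preflight check for the two mistakes listed in the answer above, as an added example that is not part of the original answer or of OkHttp; the class name, method name and sample hosts are hypothetical. The third check goes beyond the answer: a pin is only applied to requests whose host matches the pinned host name, and this helper compares exact names only (wildcard pin patterns and IPv6 literals are not handled).

```java
import java.net.URI;

// Added example: fail fast on misconfigurations that make pinning a silent no-op.
public final class PinningPreflight {

    /** Throws if the pin would never be evaluated for requests sent to endpoint. */
    static void check(String pinnedHost, String endpoint) {
        // Mistake 1: the pin must be registered for a bare host name, not a URL.
        if (pinnedHost.contains("/") || pinnedHost.contains(":")) {
            throw new IllegalArgumentException(
                "pin host must be a bare host name, got: " + pinnedHost);
        }
        // URI.create itself throws IllegalArgumentException on a malformed endpoint.
        URI uri = URI.create(endpoint);
        // Mistake 2: plain http has no TLS handshake, so no certificate is ever checked.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("endpoint must use https, got: " + endpoint);
        }
        // Extra check (assumption of this example): exact host match, no wildcards.
        String endpointHost = uri.getHost();
        if (endpointHost == null || !endpointHost.equalsIgnoreCase(pinnedHost)) {
            throw new IllegalArgumentException(
                "endpoint host " + endpointHost + " is not covered by pin for " + pinnedHost);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {pinned host, endpoint}.
        String[][] cases = {
            {"www.example.com", "https://www.example.com"},         // correct
            {"https://www.example.com", "https://www.example.com"}, // URL used as pin host
            {"www.example.com", "http://www.example.com"},          // http endpoint
            {"example.com", "https://www.example.com"},             // pin on a different host
        };
        for (String[] c : cases) {
            try {
                check(c[0], c[1]);
                System.out.println("OK       " + c[0] + " -> " + c[1]);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + e.getMessage());
            }
        }
    }
}
```

Calling check(hostname, endpoint) with the same two strings that are passed to CertificatePinner.Builder.add and setEndpoint, before building the RestAdapter, turns a silently unpinned client into a startup failure.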