
SSL Handshake issue on Android 7.0


I have a backend built in Java and Spring Boot and deployed on Railway. When I tested the endpoints on various Android versions from 14 down to 6, they all worked except on Android 7.0 (Nougat), where I keep getting this error message for every network request I make:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I haven't tried much of any solution. I use Retrofit and it is for my Android app in Kotlin.

What do I do to solve it?


Solution

  • This exception is saying that the phone doesn't trust the SSL authority. As @Markus Kauppinen suggested in a comment, you have to set up a network security configuration.

    1. Download your server certificate and save it into the raw resources directory.

    2. Create a network_security_config file in the xml resources directory and set up the configuration for your server domain. If your app communicates with other servers like Firebase, don't forget to include them too:


    In network_security_config.xml just replace yourdomain.com with your actual domain.

    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <domain-config cleartextTrafficPermitted="false">
            <domain includeSubdomains="true">yourdomain.com</domain>
            <trust-anchors>
                <certificates src="@raw/server_cert" />
                <certificates src="system" />
            </trust-anchors>
        </domain-config>
    </network-security-config>
    
    3. Apply the config in AndroidManifest.xml; put it into the application tag:

    <application
       android:networkSecurityConfig="@xml/network_security_config"
       ...
    >
    

    With this solution it should work fine for Android 7+.
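
As an added example (not part of the original answer), a small Python check that could run in CI over the network_security_config.xml shown above: it flags a placeholder domain left in place, an `@raw/` trust anchor with no matching file, cleartext traffic, and user-installed CAs trusted in release configuration. The function name, the finding codes and the `raw_resources` argument are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's config with the placeholder domain left in.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">yourdomain.com</domain>
        <trust-anchors>
            <certificates src="@raw/server_cert" />
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
</network-security-config>"""


def lint_network_security_config(xml_text, raw_resources,
                                 placeholder="yourdomain.com"):
    """Return (code, detail) findings for a network_security_config.xml.

    raw_resources: names of files in res/raw without extension (assumed
    to be collected by the caller from the project tree).
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "network-security-config":
        return [("wrong-root", root.tag)]
    findings = []
    for cfg in root.iter():
        # debug-overrides is skipped: it only applies to debuggable builds.
        if cfg.tag not in ("base-config", "domain-config"):
            continue
        if cfg.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append(("cleartext-permitted", cfg.tag))
        for dom in cfg.findall("domain"):
            name = (dom.text or "").strip()
            if not name or name == placeholder:
                findings.append(("placeholder-domain", name))
        for cert in cfg.findall("trust-anchors/certificates"):
            src = cert.get("src", "")
            if src == "user":
                findings.append(("user-ca-trusted", src))
            elif src.startswith("@raw/") and src[5:] not in raw_resources:
                findings.append(("missing-raw-resource", src))
            elif src != "system" and not src.startswith("@raw/"):
                findings.append(("unknown-src", src))
            if cert.get("overridePins", "").lower() == "true":
                findings.append(("pins-overridden", src))
    return findings


if __name__ == "__main__":
    for code, detail in lint_network_security_config(SAMPLE_CONFIG, {"server_cert"}):
        print(f"{code}: {detail}")
```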