'Could not validate certificate: null

I'm trying to connect to a webserver using an Android 4.4.2 based device, when connecting with newer devices everything works fine but when connecting with these older devices I get the following error:

 javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
    at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
    at com.android.okhttp.Connection.connect(Connection.java:107)
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
    at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296)
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179)
    at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246)
    at com.mypackage.myapp.api.myappApi.getOptions(myappApi.java:117)
    at com.mypackage.myapp.service.myappCommService.getOptions(myappCommService.java:104)
    at com.mypackage.myapp.service.myappCommService.onHandleIntent(myappCommService.java:120)
    at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:65)
    at android.os.Handler.dispatchMessage(Handler.java:110)
    at android.os.Looper.loop(Looper.java:193)
    at android.os.HandlerThread.run(HandlerThread.java:61)
 Caused by: java.security.cert.CertificateException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:308)
    at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202)
    at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:611)
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
    at com.android.okhttp.Connection.upgradeToTls(Connection.java:146) 
    at com.android.okhttp.Connection.connect(Connection.java:107) 
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294) 
    at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255) 
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179) 
    at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246) 
    at com.mypackage.myapp.api.myappApi.getOptions(myappApi.java:117) 
    at com.mypackage.myapp.service.myappCommService.getOptions(myappCommService.java:104) 
    at com.mypackage.myapp.service.myappCommService.onHandleIntent(myappCommService.java:120) 
    at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:65) 
    at android.os.Handler.dispatchMessage(Handler.java:110) 
    at android.os.Looper.loop(Looper.java:193) 
    at android.os.HandlerThread.run(HandlerThread.java:61) 
 Caused by: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
    at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1488)
    at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:305)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:295)
    at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202) 
    at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:611) 
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405) 
    at com.android.okhttp.Connection.upgradeToTls(Connection.java:146) 
    at com.android.okhttp.Connection.connect(Connection.java:107) 
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294) 
    at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255) 
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179) 
    at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246) 
    at com.mypackage.myapp.api.myappApi.getOptions(myappApi.java:117) 
    at com.mypackage.myapp.service.myappCommService.getOptions(myappCommService.java:104) 
    at com.mypackage.myapp.service.myappCommService.onHandleIntent(myappCommService.java:120) 
    at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:65) 
    at android.os.Handler.dispatchMessage(Handler.java:110) 
    at android.os.Looper.loop(Looper.java:193) 
    at android.os.HandlerThread.run(HandlerThread.java:61) 
 Caused by: java.security.cert.CertificateExpiredException
    at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:220)
    at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1483)
    at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:305) 
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190) 
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:295) 
    at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202) 
    at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:611) 
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405) 
    at com.android.okhttp.Connection.upgradeToTls(Connection.java:146) 
    at com.android.okhttp.Connection.connect(Connection.java:107) 
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294) 
    at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255) 
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296) 
    at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179) 
    at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246) 
    at com.mypackage.myapp.api.myappApi.getOptions(myappApi.java:117) 
    at com.mypackage.myapp.service.myappCommService.getOptions(myappCommService.java:104) 
    at com.mypackage.myapp.service.myappCommService.onHandleIntent(myappCommService.java:120) 
    at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:65) 
    at android.os.Handler.dispatchMessage(Handler.java:110) 
    at android.os.Looper.loop(Looper.java:193) 
    at android.os.HandlerThread.run(HandlerThread.java:61) 
06-29 10:14:40.270 2498-4412/com.mypackage.myapp E/NativeCrypto: ssl=0x54e32608 cert_verify_callback x509_store_ctx=0x55e20938 arg=0x0
06-29 10:14:40.270 2498-4412/com.mypackage.myapp E/NativeCrypto: ssl=0x54e32608 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA

I have implemented a custom SSLSocketFactory to try and force it to connect by using TLSV1.2 as that seemed to be a common error but that didn't change anything in the error that was thrown. The date and time on this device are set to the current date and time. It's not just happening on this device but on all devices that use an Android version pre 4.4.2.

androidsslssl-certificate


Solution 1:[1]

An even older device with Android 4.0 threw a clearer error, the root certificate of the server I was trying to connect to had expired and was thus causing issues.

Solution 2:[2]

Make sure the "Date and Time" of your device is up-to-date

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Rodin10
Solution 2 Muktadir Sony

Related Questions

Problem with configuring ssl certificates in asp .net core API

Problem with configuring ssl certificates in asp .net core API

Server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Turn off or bypass SSL Certificate Verification in Swift iOS

ActiveMQ over SSL: "acceptInvalidBrokerCert=true" not working

Install SSL certificates in my AWS canary puppeteer script

Getting this error while installing DFX on my mac "curl: (60) SSL certificate problem: certificate has expired"

How to install a custom certificate in Symfony server?

ssl ,urllib3,requests .exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:548)

How to fix javax.net.ssl.SSLHandshakeException even though i have already added the certificate

Renew kubernetes pki after expired

Error: unable to verify the first certificate in nodejs

How does wildcard ssl certificate match domains

How to create a self signed cerficate using command prompt?

SSLHandshakeException in Eclipse Temurin JRE8 Alpine container for self-signed certificate