SSLHandshakeException - Chain chain validation failed, how to solve?

retrofit javax.net.ssl.sslhandshakeexception: chain validation failed
com.android.volley.noconnectionerror: javax.net.ssl.sslhandshakeexception: chain validation failed
retrofit 2 javax net ssl sslhandshakeexception chain validation failed
ssl handshake exception android
glide ssl handshake exception
exoplayer sslhandshakeexception
android 7 ssl handshake exception
retrofit trust all certificates

in my application I am trying to do a HTTPS POST request to my server. However, I keep getting SSLHandshakeException - Chain chain validation failed, all the time. I tried to send a request using POSTMAN and I got a response from the server. What can be causing this error when I try to send the request from the application?

Here a code snippet where I try to send the post request:

   public static JSONObject getDataLibConfiguration(Context context) throws HttpRequestException {

    int statusCode = 0;

    JSONObject commonInformation;
    HttpsURLConnection connection = null;

    try {

        commonInformation = ConfigurationProcessor.getCommonInformation(context);
        if (commonInformation == null) {
            return null;
        }

        URL url = new URL(BuildConfig.SERVER_CONFIG_URL);
        if (BuildConfig.DEBUG) {
            LogUtils.d(TAG, "url = " + url.getPath());
        }

        connection = getHttpsConnection(url);
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
        connection.setRequestProperty("Content-Encoding", "gzip");

        byte[] gzipped = HttpUtils.gzip(commonInformation.toString());
        cos = new CountingOutputStream(connection.getOutputStream()); //<-- This is where I get the exception
        cos.write(gzipped);
        cos.flush();

        statusCode = connection.getResponseCode();
        // More code her
 }

private static HttpsURLConnection getHttpsConnection(URL url) throws IOException, GeneralSecurityException {

        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            MatchDomainTrustManager myTrustManager = new MatchDomainTrustManager(url.getHost());
            TrustManager[] tms = new TrustManager[]{myTrustManager};
            sslContext.init(null, tms, null);
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            connection.setSSLSocketFactory(sslSocketFactory);
        } catch (AssertionError ex) {
            if (BuildConfig.DEBUG) {
                LogFileUtils.e(TAG, "Exception in getHttpsConnection: " + ex.getMessage());
            }
            LogUtils.e(TAG, "Exception: " + ex.toString());
        }
        return connection;
    }

In my case it was wrong date on phone.

Fixing date resolved an issue

Android Emulator "Chain Validation Failed" connecting developers , SSLHandshakeException: Chain validation failed. and the solution that worked for me was to force cold boot the emulator via Virtual Device  How to fix it? If the system time is set to time point at which the server certificate is not valid, https will fail. We fixed it by waiting for system time to be updated before making any https requests.

The problem was that the certificate was expired.

javax.net.ssl.SSLHandshakeException: Chain validation failed #3180, This error occurs only in Android Nougat and above when use SSLHandshakeException: Chain validation failed #3180 How to fix it? I am using Azure Could Messaging with andorid. It is working fine on device with android 6. When i run it on android 8, it ie giving error on following line.

public static void trustEveryone() {
        try {
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }});
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new X509TrustManager[]{new X509TrustManager(){
                public void checkClientTrusted(X509Certificate[] chain,
                                               String authType) throws CertificateException {}
                public void checkServerTrusted(X509Certificate[] chain,
                                               String authType) throws CertificateException {}
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }}}, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(
                    context.getSocketFactory());
        } catch (Exception e) { // should never happen
            e.printStackTrace();
        }
    }

or check system date of your device - I had this Exception when I tried to connect with wrong date!..

Android Emulator “Chain Validation Failed” connecting developers , SSLHandshakeException: Chain validation failed the solution that worked for me was to force cold boot the emulator via Virtual Device Manager -> Actions  Unity ID. A Unity ID allows you to buy and/or subscribe to Unity products and services, shop in the Asset Store and participate in the Unity community.

javax.net.ssl.SSLHandshakeException: Chain validation failed, How to fix it? If the system time is set to time point at which the server certificate is not valid, https will fail. We fixed it by waiting  {Javax.Net.Ssl.SSLHandshakeException: Chain validation failed ---> Java.Security.Cert.CertificateException: Chain validation failed ---> Java.Security.Cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request ---> Java.Security.Cert.CertPathValidatorException: OCSP response does

Android Emulator “Chain Validation Failed” connecting , No reply because of error: javax.net.ssl.SSLHandshakeException: Chain validation failed. at com.android.org.conscrypt.OpenSSLSocketImpl. Make sure your SSL isn't expired. Once I fixed that problem I was no longer getting "javax.net.ssl.SSLHandshakeException: Chain validation failed" errors. I had other issues, but that's a different thread. It sounds like such an obvious solution, but it's something to look into and not necessarily the first thing on people's mind.

Certificate date expiration error - how to resolve?, (0) closed with error javax.net.ssl.SSLHandshakeException: Chain validation failed at com.android.org.conscrypt.OpenSSLSocketImpl. Join GitHub today. Unable to execute HTTP request: Chain validation failed #509. SSLHandshakeException: Chain validation failed at com.android.org.conscrypt.

Comments
  • What is the error in LogCat?
  • It just says: "java.security.cert.CertificateException: Chain validation failed"
  • but in my case, It is working on almost all devices but few are getting this error message
  • I tried release an update with such code and release was blocked by Google by security reasons.