Android 12: Trust anchor for certification path not found

1

Hi, I have an Android app that was tested on mobile phones running Android 8/9/10/11/12. The Android 8/9/10/11 phones work normally, but I can't receive notifications on Android 12. Can anyone make any suggestions?

The exception I am getting (only on Android 12): "MqttException (0) - javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

Further information: https://stackoverflow.com/questions/70163257/mqtt-can-not-connect-to-aws-server

Further information (2021/12/9): I use the same account to create an identity pool in Amazon Cognito and set up different regions for testing. If the region is set to us-west-2, the MQTT connection fails; if the region is set to ap-southeast-1, the MQTT connection succeeds. What will be the effect on the identity pool? Or any other suggestions?

(Notice: Android 8/9/10/11 phones are normal; only Android 12 shows an error message.)

  • I am also facing the same problem with the MQTT connection to AWS using SSL certificates. Kindly help me to resolve this problem. Every connection gives this error.

4 Answers
1
Accepted Answer

Hey @pc9705atgmi, Bruno, Jason, I think I've found the problem. According to https://docs.aws.amazon.com/iot/latest/developerguide/iot-connect-devices.html, the old accountEndpointPrefix of type iot:Data should not be used. It is described as the legacy 'Verisign' endpoint, and it obviously doesn't work with Android 12. Call: aws iot describe-endpoint --endpoint-type iot:Data-ATS

and you will get a new accountEndpointPrefix ending in -ats (or you can just add -ats to your current accountEndpointPrefix) and try again. It works fine for me now.

Goran

EXPERT
answered 2 years ago
1

Hi Bruno, Jason, I've tried on a Samsung S21 and a Google Pixel 4, both with Android 12. The same problem. People are reporting it on other websites too: https://github.com/aws-amplify/aws-sdk-android/issues/2741

Goran

EXPERT
answered 2 years ago
0

Can you please clarify what AWS servers you are connecting to? Are they self-managed? If so, can you check their configuration?

Jason_S
answered 2 years ago
  • Thanks for your reply! My reply is as follows:

    1. AWS IoT server.
    2. Sorry! I don't know what "Are they self-managed?" means.
    3. Android 8/9/10/11 phones are working normally, so I don't think it is a matter of configuration.
0

Hey @pc9705atgmi, this seems to be an indication that the signing root CA isn't present on that device. Have you tried a different Android 12 device? Also, getting additional details on the root CA failing validation might help. In odd cases where devices are on a local network that has proxies, I have seen similar issues with certificate validation.

Hope that helps!

Bruno_M
answered 2 years ago
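The two technical points in this thread are Goran's (switch from the legacy iot:Data endpoint to the iot:Data-ATS one, whose hostname carries an -ats suffix) and Bruno_M's (find out which root CA the failing chain actually ends in). The script below is an added example written for this thread, not code from AWS, the Android SDK or the original poster. It assumes the endpoint shape documented by AWS, <prefix>[-ats].iot.<region>.amazonaws.com, and the hostnames in its self-test are constructed placeholders. It classifies an endpoint as legacy or ATS, rewrites it to the -ats form, and, when run from the command line with a real endpoint, attempts a TLS handshake against the local trust store so the issuer of the served chain, or the verification error, can be read on a desktop rather than guessed at from the Android stack trace.

```python
"""Diagnostics for the AWS IoT endpoint problem discussed in this thread.

Added example for this thread, not code from AWS, the SDK or the original
poster. It assumes the documented endpoint shape
<prefix>[-ats].iot.<region>.amazonaws.com; the hostnames used in the
self-test are constructed placeholders.
"""
import re
import socket
import ssl
import sys

# <prefix>.iot.<region>.amazonaws.com, where the prefix may carry the -ats suffix.
_ENDPOINT_RE = re.compile(
    r"^(?P<prefix>[a-z0-9]+?)(?P<ats>-ats)?\.iot\.(?P<region>[a-z0-9-]+)\.amazonaws\.com$"
)


def parse_endpoint(host: str) -> dict:
    """Split an IoT data endpoint into prefix, region and ATS flag.
    Raises ValueError for anything that is not an IoT data endpoint."""
    m = _ENDPOINT_RE.match(host.strip().lower())
    if not m:
        raise ValueError(f"not an AWS IoT data endpoint: {host!r}")
    return {"prefix": m["prefix"], "region": m["region"], "ats": m["ats"] is not None}


def is_legacy_endpoint(host: str) -> bool:
    """True for the old iot:Data endpoint (no -ats suffix), the one the
    accepted answer says fails on Android 12."""
    return not parse_endpoint(host)["ats"]


def to_ats_endpoint(host: str) -> str:
    """Return the iot:Data-ATS form of the endpoint; hosts that already
    carry -ats pass through unchanged."""
    p = parse_endpoint(host)
    return f"{p['prefix']}-ats.iot.{p['region']}.amazonaws.com"


def probe_handshake(host: str, port: int = 8883, timeout: float = 5.0) -> dict:
    """Attempt a TLS handshake with this machine's default trust store and
    report whether the server chain verified and who issued the leaf cert.

    IoT Core expects a client certificate on 8883, so a chain that verifies
    may still be followed by a handshake alert; that case is reported as
    verified=None, distinct from a chain verification failure."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # getpeercert() returns the issuer as a tuple of RDNs, each a
                # 1-tuple of (attribute, value); flatten it into a dict.
                issuer = dict(rdn[0] for rdn in tls.getpeercert().get("issuer", ()))
                return {"verified": True, "issuer": issuer.get("organizationName"), "error": None}
    except ssl.SSLCertVerificationError as exc:
        # Same class of failure the Android app surfaces as a missing trust anchor.
        return {"verified": False, "issuer": None, "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"verified": None, "issuer": None, "error": str(exc)}


if __name__ == "__main__":
    # Usage: python iot_endpoint_check.py <endpoint-hostname> [...]
    for host in sys.argv[1:]:
        kind = "legacy (iot:Data)" if is_legacy_endpoint(host) else "ATS (iot:Data-ATS)"
        print(f"{host}: {kind}; ATS form: {to_ats_endpoint(host)}")
        print("  handshake against ATS form:", probe_handshake(to_ats_endpoint(host)))
```

A verified=False result with a message such as "unable to get local issuer certificate" from the desktop would point at the trust store rather than the device, while a legacy endpoint that verifies on the desktop but not on the phone matches the behaviour described in the accepted answer: the desktop still ships the old root, the Android 12 build does not.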
