Okhttp: javax.net.ssl.SSLHandshakeException: Chain validation failed
This error occurs only in Android Nougat and above when use self-signed certificate。
cnsilvan
All 16 comments
targetSdkVersion 22
compileSdkVersion 25
cnsilvan
on 22 Feb 2017
Can someone explain the reason why this issue was closed? Was it fixed? Or it's not a valid issue (why)?
unext-wendong
on 12 Jul 2017
We see this issue on Android 7.0 with the latest version 3.8.1.
It happens only in the first time when we try to make a https post request after device bootups.
After that, it just works fine.
unext-wendong
on 12 Jul 2017
I have the same issue on android emulator with API 26
OkHttp version: 3.8.0
targetSdkVersion: 25
compileSdkVersion: 25
With api 22 the request works!
gitcarlosandrade
on 12 Jul 2017
Is anyone monitoring this? It'll be nice if someone makes a comment.
unext-wendong
on 19 Jul 2017
Creating an executable test case is the best way to get something fixed.
swankjesse
on 19 Jul 2017
When trying to implement a test case, I found out the possible cause for my issue.
The device I'm using always resets its system time to a fixed time in the past when booting up, and updates the time to the current time shortly after. The certificate verification fails if the https request is made before the system time is updated.
Not related to okhttp. Should have found this before coming to here. Sorry for the trouble.
unext-wendong
on 19 Jul 2017
Not related to okhttp.
cnsilvan
on 23 Aug 2017
get it
maoqis
on 27 Nov 2017
I can reproduce it 100% with an xiaomi mi a1. On nexus 9, 10, 6p, pixel, essential ph1 works.
FabianTerhorst
on 4 Jan 2018
I can reproduce anytime i set my system clock into the future (testing 1 month ahead of the current time)
scottkruse
on 14 Mar 2018
@scottkruse so SSL and faking time don't mix well. e.g. let's encrypt use certificates for 90 days, so many popular sites will issue certificates that have expired in the next month.
yschimke
on 15 Mar 2018
It works for me,thank you
RangerAnan
on 13 Apr 2018
When trying to implement a test case, I found out the possible cause for my issue.
The device I'm using always resets its system time to a fixed time in the past when booting up, and updates the time to the current time shortly after. The certificate verification fails if the https request is made before the system time is updated.
Not related to okhttp. Should have found this before coming to here. Sorry for the trouble.
Did it not work at the wrong time? How to fix it?
leizGit
on 21 May 2019
Did it not work at the wrong time? How to fix it?
If the system time is set to time point at which the server certificate is not valid, https will fail.
We fixed it by waiting for system time to be updated before making any https requests.
unext-wendong
on 21 May 2019
I fixed it by just changing the api's base url from "https" to "http"
Minhalatgit
on 23 Jul 2020
Related issues
yschimke
·
3Comments
tangjiabing
·
3Comments
GuiForget
·
3Comments
NitzDKoder
·
3Comments
rfc2822
·
3Comments
Most helpful comment
I can reproduce anytime i set my system clock into the future (testing 1 month ahead of the current time)