KimHJ 3 Posted July 11 (edited) I get this error when I try to send a GET using the RESTRequest in a Android application using Delphi 12, it works fine if I run it as a windows application. This is a multi-device application. Exception class EJNIException with message 'java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. The server is hosted in the cloud on windows server with a SSL certificate issued by Symantec. Thanks for any help. I found following on the internet search. I have to add this line to the Android Manifest file: android:networkSecurityConfig="@xml/network_security_config" That example show how to do it with a self-signed certificate, but since I don't have a self signed I have no idea how to to the rest. I had to create res\xml\network_security_config.xml file with the similar contents: <?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config> <domain includeSubdomains="true">My_Server.com</domain> <trust-anchors> <certificates src="@raw/my_ca"/> </trust-anchors> </domain-config> </network-security-config> I tried to use the pem file like this <certificates src="@raw/publiccert.pem"/> But it didn't work. Here is the link to what I found; https://stackoverflow.com/questions/56301765/self-signed-certificate-in-android-application-of-rad Edited July 12 by KimHJ Found some information on stackoverflow Share this post Link to post
Hans J. Ellingsgaard 21 Posted July 14 Have you checked if your certificate is under known certificates on your Android device? If it's not, you'll have to install it. Share this post Link to post
KimHJ 3 Posted July 17 The certificate on the rest server is issued by Digicert and according to Android development Android should work on any known certificate. Share this post Link to post
Hans J. Ellingsgaard 21 Posted July 17 Yes, Digicert is a well known provider of certificates, but I would check it anyway. When searching for errors, should work is not good enough, double check everything to make shure that it really works. Some older Android devices does not get there certificates updated, and Digicert has issued some new certificates, that's not working on older devices. You can check the certificates from here: Open your device's Settings app. Tap Security & privacy More security settings Encryption & credentials. Under "Credential storage": Share this post Link to post
KimHJ 3 Posted July 17 I have 12 certificates from DigiCert on my Android phone (Samsung S23 Ultra) I will have to check Samsung 10s that I use for testing. Would I have to include the Certificate in the apk for the Android Play store for it to work on any Android phone? Share this post Link to post
Hans J. Ellingsgaard 21 Posted July 17 No, as far as I know, you have to download it to the phone and install it under the Encryption & credentials window. I had this problem with a client, that couldn't acces there webservice with some older handheld terminals, after they got a new DigiCert certificate. If we manually installed the certificate, some of the terminals were working again, but for the oldest version of terminals, it wasn't even possible to install the certificate, as it was not compatible with the Android version. After some research we ended up buying a certificate from GoDaddy, that was compatible with the older Android devices. Share this post Link to post
KimHJ 3 Posted July 17 Some suggested that it's only in debug mode that it gets rejected, I will try to create an apk and install it and see if it works. Share this post Link to post