Dealing with connection to https on old android may depend on Trusted credentials on the the device.
Letsecrypt root certificate does not installed on Trusted credentials prior android 7.1.1.
Some application may throw:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Solution 1
Install letsecrypt pem manually. You can download from https://letsencrypt.org/certs/isrgrootx1.pem?hl=en-US .
On your device (evercoa gen pro x pro android 7.0). Goto setting -> Security.
You may find
- Trusted Credentials
- User Credentials
- Install from SD Card
Choose Install from SD Card:
- Filed Name of Certification e.g ISGR ROOT X1 or Letsecrypt.
- Credentials Use select VPN and aps
Open your Android Studio project and create res/xml/network_security_config.xml.
<?xml version="1.0" encoding="utf-8"?><network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
Edit AndroidManifest.xml
<application
... android:networkSecurityConfig="@xml/network_security_config"
...
>
If RRI's stream ever falls back to http (not https), you should add cleartextTrafficPermitted="true" to the <base-config> tag:
...
<base-config cleartextTrafficPermitted="true"
>
...
if this XML fix doesn't work, it's not the certificate—it's the Android 7.0 Cipher bug. In that specific case, you will have to use Conscrypt library (Solution 2).
Solution 2 using Conscript Library
Add depdency into gradle.build app
dependencies {
implementation 'org.conscrypt:conscrypt-android:2.5.2'
}
Initialize at application startup or foreground
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.N_MR1) {
// Below Android 7.1.1
Security.insertProviderAt(Conscrypt.newProvider(), 1);
}
