Premise:
When Android uses Charles to crawl HTTPS request messages, both Android and Charles have correctly installed the certificate after the packet fails, error sslhandshake:received fatal Alert:certificate_ Unknown, as shown in:
Reason:
Please refer to this link if the security policy adjusted after Android 7 will cause some cell phone capture to fail: https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
It is mentioned by default that applications for API level 24 and later are no longer trusted by users or administrators to add a CA for secure connections. This means that even if you have a trusted certificate installed on your phone, it's not an egg.
Solution One:
If the Charles certificate is properly installed on your phone:
-
Add the following configuration to your Androidmanifest.xml file:
<?xml Version= "1.0" encoding= "Utf-8" ><manifest ... > <application android:networksecurityconfig= "@xml/ Network_security_config "... >...</application></manifest>
Create a new XML folder under the Res directory, and then create a new file under the res/xml/path network_security_config.xml
Res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config> <domain includeSubdomains="true">你要抓取的域名</domain> <trust-anchors> <certificates src="user"/>//信任用户自己安装的证书 </trust-anchors> </domain-config></network-security-config>
Solution Two:
If you have a certificate installed on your phone, you can use the following method:
-
Add the following configuration to your Androidmanifest.xml file:
<?xml Version= "1.0" encoding= "Utf-8" ><manifest ... > <application android:networksecurityconfig= "@xml/ Network_security_config "... >...</application></manifest>
Create a new XML folder under the Res directory, and then create a new file under the res/xml/path network_security_config.xml
Res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config> <domain includeSubdomains="true">你要抓取的域名</domain> <trust-anchors> <certificates src="@raw/证书文件名"/> </trust-anchors> </domain-config></network-security-config>
Create a new raw folder in the Res directory, put the certificate file installed on the phone into the res/raw/directory, the certificate format: PEM,CA, etc. (Chales will be opened in your mobile browser http://charlesproxy.com/ Getssl the downloaded certificate can be placed), the certificate file name in step 2 is the name of the file you put in the res/raw/directory
Once you have configured the project again, you can see the message!
Refer to Google-android for more configuration methods.
Reprinted: 75329629
Charles Android Grab packet failed sslhandshake:received fatal Alert:certificate_unknown