Unable to Connect to https Site with Sauce Connect and Android 7.0 on Native Applications Follow

Avatar
Phil Gochenour
  • Updated

Starting with Android 7.0, Google set stricter rules on how applications and emulators trust user/admin added certificates.
Before, adding your custom SSL certificate to the emulator (which in Sauce's case we did by adding the CyberVillains certificate. which is used by Sauce Connect) would be enough to ensure a successful connection.

This is no longer the case. Your application itself needs to have this certificate for the connection to be trusted.
This is discussed a bit more in detail in this post from the Android Developer's blog. .

Because the Sauce Labs CyberVillains certificate (the certificate used when re-encrypting traffic sent via Sauce Connect) is not trusted as a public CA, your app will not trust this certificate by default.

What does this mean for you? You have two options depending on your setup, and the original certificate of your server.

Option 1

If the server that your app connects to has a valid CA-trusted certificate you can simply add the flag `-B all` to your Sauce Connect tunnel. This will disable SSL bumping and won't re-encrypt traffic.


NOTE: If you do need SSL bumping for other types of tests (for example, Android web tests or desktop browser tests) you should use a separate tunnel for those tests, and avoid using `-B all` on them to have re-encryption work in that situation.

Option 2

If the server that your app connects to does not have a valid CA-trusted certificate, then you will need to add your server's certificate onto your application. The post in the Developer's Blog linked above explains how to do this. The process involves adding the certificate file to your app by creating a network configuration file, and telling your app to trust it.

As an example, this is what a network_security_config.xml file would look like:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/selfsigned_ca" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

....where @raw/selfsigned_ca is the path to res/raw/selfsigned_ca, which contains my site's certificate.


You then add this file to your AndroidManifest.xml with the android:networkSecurityConfig attribute, as explained in this page on Network Security Configuration in the Android Developers documentation.