2

My .NET MAUI Android app is throwing SSLPeerUnverifiedException: Hostname 192.168.100.2 not verified when sending a POST request to a PHP script located on my desktop's IIS localhost, as shown below.

await Task.Run(() =>
{
    URL urlWebhook = new URL("https://192.168.100.2:443/medservices/ReceiveWebhooks.php");
    HttpsURLConnection? connection = urlWebhook.OpenConnection() as HttpsURLConnection;
    if(connection != null)
    {
        connection.DoInput = true;
        connection.DoOutput = true;
        connection.RequestMethod = "POST";
        connection.ConnectTimeout = 10000;
        connection.ReadTimeout = 10000;
        connection.SetRequestProperty("Content-Type", "application/json");
        connection.SetRequestProperty("Accept", "*/*");
        connection.SetRequestProperty("User-Agent", "SmsGateway/1.0");
        BufferedOutputStream os = new BufferedOutputStream(connection.OutputStream);
        os.Write(Encoding.Default.GetBytes(strRequestBody));
        os.Close();
        isSent = connection.ResponseCode == HttpStatus.Ok;
        connection.Disconnect();
    }
});

To configure https binding and SSL in IIS, I used the following PowerShell script, which also exports the SSL certificate in pfx and pem formats.

$cert_params = 
@{
    Type = "Custom"
    DnsName = "localhost", "192.168.100.2"
    FriendlyName = "IIS Express SSL Server Authentication Certificate"
    CertStoreLocation = "Cert:\LocalMachine\My"
    NotAfter = (Get-Date).AddYears(10)
    KeyAlgorithm = "RSA"
    KeyLength = 2048
    KeyUsageProperty = "All"
    KeyUsage = "KeyEncipherment", "DataEncipherment", "DigitalSignature"
    KeyExportPolicy = "Exportable"
    HashAlgorithm = "SHA256"
    TextExtension = @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
}
$cert = New-SelfSignedCertificate @cert_params
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root, [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($cert)
$store.Close()
$export_params =
@{
    Cert = $cert
    FilePath = "C:\Users\pnfst\Documents\IISExpress\iis_ssl_server_certificate.pfx"
    ChainOption = "EndEntityCertOnly"
    Password = ConvertTo-SecureString -String "Kurort@75" -Force -AsPlainText
}
Export-PfxCertificate @export_params
$certBase64 = [System.Convert]::ToBase64String($cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = @"
-----BEGIN CERTIFICATE-----
$certBase64
-----END CERTIFICATE-----
"@
Out-File -FilePath "C:\Users\pnfst\Documents\IISExpress\iis_ssl_server_certificate.pem" -InputObject $pem -Encoding ascii
Import-Module WebAdministration
New-WebBinding -Name "Default Web Site" -IPAddress "192.168.100.2" -Port 443 -HostHeader "localhost" -Protocol "https" -SslFlags 1
$binding = Get-WebBinding -Name "Default Web Site" -Port 443 -Protocol "https"
$binding.AddSslCertificate($cert.Thumbprint, "My")
Set-WebConfiguration -Location "Default Web Site" -Filter "system.webServer/security/access" -Value "Ssl"
Restart-WebItem -PSPath "IIS:\Sites\Default Web Site"

I then used the created pem to import the certificate into the Android user's truststore. I also added this pem file to my app's Platforms\Android\Resources\raw folder, set the build action to AndroidResource and created an AndroidResource network_security_config.xml in the Platforms\Android\Resources\xml folder with the following content.

<?xml version="1.0" encoding="utf-8" ?>
<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">localhost</domain>
    <domain includeSubdomains="true">192.168.100.2</domain>
    <trust-anchors>
      <certificates src="@raw/iis_ssl_server_certificate"/>
    </trust-anchors>
  </domain-config>
</network-security-config>

And added a link to this network security configuration to my AndroidManifest:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application
    android:networkSecurityConfig="@xml/network_security_config"
    android:allowBackup="true"
    android:supportsRtl="true"
    android:label="SmsGateway">
  </application>
  <!--
  ...
  -->
  <uses-permission android:name="android.permission.INTERNET" />
</manifest>

However, none of these steps resolved the issue.
When I connect to the ip-address I specified earlier from the Android web browser, it asks for the certificate every time and connects successfully after selecting it.
I also tested the https connection to my IIS localhost ip-address using openssl, as recommended. It returned "Verify return code: 0 (ok)". This is the result.
openssl s_client -debug -connect 192.168.100.2:443

After I deleted and recreated the binding in IIS, openssl gave me the following result.

PS C:\Users\pnfst\Documents\IISExpress>  openssl s_client -debug -connect 192.168.100.2:443
Connecting to 192.168.100.2
CONNECTED(00000004)
Can't use SSL_get_servername
depth=0 CN=localhost
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN=localhost
verify return:1
---
Certificate chain
 0 s:CN=localhost
   i:CN=localhost
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct 22 21:21:54 2025 GMT; NotAfter: Oct 22 21:31:54 2035 GMT
---
Server certificate
subject=CN=localhost
issuer=CN=localhost
---
No client certificate CA names sent
Requested Signature Algorithms: RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:ECDSA+SHA256:ECDSA+SHA384:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1328 bytes and written 409 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: F8043540B79750082CF81A94C4666B3FF7EB2629012122FAFF5DBC0169735D60
    Session-ID-ctx:
    Resumption PSK: 5EBD1E67F50721F42D322A8CE964DE43488393080E453AA741AA3EDF55834677BFF11E405D51F9A18DB9BA8E43BF0394
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 36000 (seconds)
    TLS session ticket:
    0000 - 64 49 00 00 16 07 23 0b-b9 3a 65 73 96 60 29 8c   dI....#..:es.`).
    0010 - f6 b7 4c 5d 6f a2 07 cc-83 ba 66 c5 be 1d 08 99   ..L]o.....f.....

    Start Time: 1761220874
    Timeout   : 7200 (sec)
    Verify return code: 18 (self-signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

I also tried recreating the SSL certificate with DnsName = "192.168.100.2" and configuring the binding with an empty HostHeader and SslFlags 0. After this, the Android browser doesn't request the certificate. However, my app still throws the SSLPeerUnverifiedException.
I know the easiest way to solve this problem is to change HttpsURLConnection.DefaultHostnameVerifier to my custom verifier that returns true for my IP address. But I want to understand why the SSL configuration isn't working correctly.
How do I resolve this issue?

3
  • "It returned "Verify return code: 0 (ok)"." - This message is misleading. There was no error in certificate validation since there was no certificate validated - because no certificate was there for validation because the handshake failed with "write: errno=113" since the server closed the connection directly after the ClientHello (without sending a certificate). Commented Oct 23 at 9:48
  • and the config xml is also set as android resource right? Commented Oct 24 at 3:48
  • @H.A.H. Yes, as Android resource. Commented Oct 24 at 8:01

1 Answer

1

"192.168.100.2" is not a valid DNSName SAN entry. Only bug-ridden code ever treated it as one. It's an iPAddress.

Per RFC 5280, 4.2.1.6. Subject Alternative Name:

When the subjectAltName extension contains an iPAddress, the address MUST be stored in the octet string in "network byte order", as specified in [RFC791]. The least significant bit (LSB) of each octet is the LSB of the corresponding byte in the network address. For IP version 4, as specified in [RFC791], the octet string MUST contain exactly four octets. For IP version 6, as specified in [RFC2460], the octet string MUST contain exactly sixteen octets.


1 Comment

I tried your suggestion. It solved my problem.
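
The answer's point applied to the question's certificate parameters, as an added example (not code from the question or the answer): the SAN is written explicitly through the 2.5.29.17 text extension so that 192.168.100.2 is encoded as an iPAddress entry, and the raw extension bytes are then checked for it. The Subject value and the variable names $ip, $san, $want and $hex are assumptions made for this example.

```powershell
# Added example. Same parameters as the question's script, except that DnsName
# is dropped and the SAN is spelled out so the address becomes an iPAddress.
$ip = "192.168.100.2"   # address used in the question

$cert_params = @{
    Type              = "Custom"
    Subject           = "CN=$ip"   # assumption: any subject works, clients match on the SAN
    FriendlyName      = "IIS Express SSL Server Authentication Certificate"
    CertStoreLocation = "Cert:\LocalMachine\My"
    NotAfter          = (Get-Date).AddYears(10)
    KeyAlgorithm      = "RSA"
    KeyLength         = 2048
    KeyUsageProperty  = "All"
    KeyUsage          = "KeyEncipherment", "DataEncipherment", "DigitalSignature"
    KeyExportPolicy   = "Exportable"
    HashAlgorithm     = "SHA256"
    TextExtension     = @(
        # Extended key usage: TLS server authentication (as in the question)
        "2.5.29.37={text}1.3.6.1.5.5.7.3.1",
        # Subject Alternative Name: one dNSName and one iPAddress entry
        "2.5.29.17={text}DNS=localhost&IPAddress=$ip"
    )
}
$cert = New-SelfSignedCertificate @cert_params

# Locate the SAN extension (OID 2.5.29.17) on the new certificate.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
if (-not $san) { throw "Certificate has no Subject Alternative Name extension" }

# Human-readable form. The labels are localized by Windows, so the check
# below works on the DER bytes instead of this text.
$san.Format($true)

# RFC 5280: an IPv4 iPAddress is GeneralName tag [7] (0x87), length 4,
# followed by the four address octets in network byte order.
$addr = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
$want = [BitConverter]::ToString([byte[]]((0x87, 0x04) + $addr))
$hex  = [BitConverter]::ToString($san.RawData)

if ($hex.Contains($want)) {
    "OK: SAN contains iPAddress $ip ($want)"
} else {
    throw "SAN has no iPAddress entry for $ip; an IP literal host will not verify"
}
```

Because this creates a new certificate, the exported pem under Resources\raw and the IIS binding have to be refreshed from it, using the export and binding steps already shown in the question.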
