ssl - Android Client certificate 403
I am trying to establish a connection between an Android device and a web service using an SSL client certificate (the server checks for and requires a client certificate). The certificate on the server is signed by a CA (Go-Daddy), and I have the client certificate (*.pfx). I followed this tutorial to attach the client certificate file. I am calling the web service using ksoap2 and keep getting error 403, while the device (or PC) web browser is working fine (after installing the certificate)... I don't know much about client certificates, but it seems to me the connection is not using the certificate in the correct way.
When testing with a self-signed certificate it works well.
Any ideas what I am doing wrong? ksoap2 code:
    import java.io.IOException;
    import java.util.List;
    import android.util.Log;
    import org.ksoap2.HeaderProperty;
    import org.ksoap2.SoapEnvelope;
    import org.ksoap2.serialization.SoapObject;
    import org.ksoap2.serialization.SoapSerializationEnvelope;
    import org.ksoap2.transport.HttpsServiceConnectionSE;
    import org.ksoap2.transport.HttpsTransportSE;
    import org.ksoap2.transport.KeepAliveHttpsTransportSE;
    import org.kxml2.kdom.Element;
    import org.xmlpull.v1.XmlPullParserException;

    public void getuser(String user_name, String password, boolean isschedule,
            boolean writetostatistic) throws Exception {
        Log.d(GlobalUtil.tag_log, "calling getuser() web service");
        String method_name = "getuser";
        GlobalUtil.user = new User();
        User us = new User();

        // Build the SOAP 1.2 request envelope.
        HttpsTransportSE httptransport = new KeepAliveHttpsTransportSE(host, port, file, timeout);
        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER12);
        SoapObject request = new SoapObject(namespace, method_name);
        httptransport.debug = true;
        envelope.dotNet = true;
        envelope.headerOut = new Element[1];
        envelope.headerOut[0] = elementheaders;
        request.addProperty("user_name", user_name);
        request.addProperty("password", password);
        request.addProperty("isschedule", isschedule);
        request.addProperty("writetostatistic", writetostatistic);
        envelope.implicitTypes = true;
        envelope.setOutputSoapObject(request); // prepare request
        envelope.addMapping(namespace, "user", new User().getClass());

        // Attach the client-certificate socket factory to the HTTPS connection.
        if (usecertificate) {
            try {
                ((HttpsServiceConnectionSE) httptransport.getServiceConnection())
                        .setSSLSocketFactory(sslcontext);
            } catch (IOException e) {
                e.printStackTrace();
            }
        } else
            allowallssl();

        List<HeaderProperty> httpheaders = null;
        try {
            httpheaders = httptransport.call(soap_action + method_name, envelope, null);
            SoapObject response = (SoapObject) envelope.getResponse();
            if (response == null)
                return;

            // ksoap2 renders empty elements as "anyType{}"; skip those.
            us.id = Integer.parseInt(response.getProperty("id").toString());
            if (!response.getProperty("user_name").toString().equals("anyType{}"))
                us.user_name = response.getProperty("user_name").toString();
            if (!response.getProperty("password").toString().equals("anyType{}"))
                us.password = response.getProperty("password").toString();
            if (!response.getProperty("user_hebrew_firstname").toString().equals("anyType{}"))
                us.user_hebrew_firstname = response.getProperty("user_hebrew_firstname").toString();
            if (!response.getProperty("user_hebrew_lastname").toString().equals("anyType{}"))
                us.user_hebrew_lastname = response.getProperty("user_hebrew_lastname").toString();
            us.merhav = Integer.parseInt(response.getProperty("merhav").toString());
            us.yaam = Integer.parseInt(response.getProperty("yaam").toString());
            us.tat_mifal = Integer.parseInt(response.getProperty("tat_mifal").toString());
            us.ezor = Integer.parseInt(response.getProperty("ezor").toString());
            us.ezorlahatz = Integer.parseInt(response.getProperty("ezorlahatz").toString());
            /*
             * us.passwordexpirationdate=(date)
             * response.getProperty("passwordexpirationdate");
             */
            us.passwordexpirationdate = User.parsepasswordexpirationdate(
                    response.getProperty("passwordexpirationdate").toString());
            us.password = password;
            GlobalUtil.user = us;
            setsessioncookie(httpheaders);
            Log.d(GlobalUtil.tag_log, "finish calling getuser() web service");
        } catch (IOException | XmlPullParserException e1) {
            if (e1 != null) {
                Log.e(GlobalUtil.tag_log, e1.getMessage());
                throw e1;
            }
            Log.e(GlobalUtil.tag_log, "error in login web service.");
            Log.e(GlobalUtil.tag_log, "requestdump: " + httptransport.requestDump);
            Log.e(GlobalUtil.tag_log, "responsedump: " + httptransport.responseDump);
        }
    }

It may be late for you, but I am in a similar situation...
Older versions of Android (and pre-1.7 Java) had a problem with (lack of) SNI in SSL. Supposedly it has been fixed since 2.3, but I believe I have somehow managed to mimic the bug in the 5.0 Android emulator. (Probably by using a custom socket context factory.) In the browser I can access the URL using the same keystore/truststore, but from Android I get 403.
What makes me believe that it is indeed the lack of Server Name Indication that is the cause...
    openssl s_client -tls1_2 -connect myhost.domain.com:443 -state -cert client.crt -key client.key -pass pass:******** -CAfile server.cer -servername myhost.domain.com

...omitting the -servername param at the end results in 403, which is what the Android code achieves. :D