Repository with SSL - problem in to do the download


I created my repository FDROID using SSL to my .apks and when the FDROID client to do the download of index-v1.jar I received the error: “Trust Anchor not found for Android SSL Connection” I changed the methods to accept the Https and I also added the root certificate, but I isn’t working too.
What can I do?


Self signed cert ? What Android version?


It is a root comodo and the android is 5.1.1


5.0.1 or 5.1.1?

Did you try any other devices?


Is 5.1.1 and I tried in 7.0 but not worked too


I get, I’ll post the class, if no body to need

public class FdroidKeyPin {
private static FdroidKeyPin instance;
private SSLContext sslContext;

private FdroidKeyPin(Context context) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);

    ArrayList<Certificate> caCerts = new ArrayList<>();

    String[] caFiles = context.getFilesDir().list(new FilenameFilter() {
        public boolean accept(File file, String s) {
            return s.toLowerCase().endsWith(".p7b");
    for (String caFile : caFiles)

    caFiles = context.getFilesDir().list(new FilenameFilter() {
        public boolean accept(File file, String s) {
            return s.toLowerCase().endsWith(".cer") ||
    for (String caFile : caFiles)
        loadCACerts(context.openFileInput(caFile), caCerts);

    caFiles = new String[]{"trust-chain.crt"};
    for (String caFile : caFiles)
        loadCACerts(context.getAssets().open(caFile), caCerts);

    // Insere os certificados no KeyStore
    KeyStore ksTrust = KeyStore.getInstance("PKCS12");
    for (int i = 0; i < caCerts.size(); i++)
        ksTrust.setCertificateEntry("cert" + i, caCerts.get(i));
    // Inicia o TrustManagerFactory
    tmf = TrustManagerFactory.getInstance("X509");

    sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, tmf.getTrustManagers(), null);

private static void loadCACerts(InputStream is, ArrayList<Certificate> caCerts) throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    BufferedReader r = new BufferedReader(new InputStreamReader(is));
    StringBuilder total = new StringBuilder();
    String line;
    boolean reading = false;
    while ((line = r.readLine()) != null) {
        if (line.matches("-----.*-----")) {
            if (reading) {
                        new ByteArrayInputStream(total.toString().getBytes())));
                total = new StringBuilder();
                reading = false;
            } else {
                reading = true;
        } else if (!line.equals(""))

public static synchronized FdroidKeyPin getInstance(Context context) throws Exception {
    if (instance == null)
        instance = new FdroidKeyPin(context);
    return instance;

public SSLContext getContext() {
    return sslContext;


Sounds like older versions of Android don’t fully support that Certificate Authority.


I recommend Let’s Encrypt for certificates. It is trustworthy, easy, free software, and doesn’t cost money.