1 Reply Latest reply on Jun 26, 2013 5:17 AM by Clarence Mumford

    SSL certificate requirments for URLLoader() on Android

    Clarence Mumford

      Recently the SSL certificate on my site https://www.jollysnpas.com was updated and now all https requests made by the URLLoader() on Android are being rejected. This is only a problem when running on an actual android device.


      I am trying to get my Hosting provider to investigate, however they are not being very helpfull so hopefully someone here can identify why the new SSL certificate is being rejected so I can get them to fix their SSL certificate.



      to reproduce the error the following code demonstrates the problem.





          import flash.display.Sprite;

          import flash.events.Event;

          import flash.events.HTTPStatusEvent;

          import flash.events.IOErrorEvent;

          import flash.events.ProgressEvent;

          import flash.events.SecurityErrorEvent;

          import flash.net.URLLoader;

          import flash.net.URLLoaderDataFormat;

          import flash.net.URLRequest;

          import flash.net.URLRequestMethod;

          import flash.net.URLVariables;


          public class URLLoaderExample extends Sprite


              private var loader:URLLoader;


              public function URLLoaderExample()



                  var url:String = "https://www.jollysnaps.com/";

                  var request:URLRequest = new URLRequest(url);

                  var requestVars:URLVariables = new URLVariables();

                  request.data = requestVars;

                  request.method = URLRequestMethod.POST;

                  loader = new URLLoader();

                  loader.dataFormat = URLLoaderDataFormat.TEXT;

                  loader.addEventListener(ProgressEvent.PROGRESS, Loading, false, 0, true);

                  loader.addEventListener(Event.COMPLETE, Completed, false, 0, true);

                  loader.addEventListener(HTTPStatusEvent.HTTP_STATUS, httpStatusHandler, false, 0, true);

                  loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler, false, 0, true);

                  loader.addEventListener(IOErrorEvent.IO_ERROR, error, false, 0, true);





              private function Completed(e:Event):void {


                  try {

                      var responseVars:Object = JSON.parse(e.target.data);

                  } catch (err:Error) {

                      trace(err.name + " " + err.message);




              private function Loading(e:ProgressEvent):void {

                  if (e.bytesTotal) {

                      trace((Math.round((100 / e.bytesTotal) * e.bytesLoaded)).toString() + "%" );

                  } else {

                      trace("File has no size" );





              private function httpStatusHandler( e:HTTPStatusEvent ):void {

                  trace("httpStatusHandler:" + e.type);



              private function securityErrorHandler( e:SecurityErrorEvent ):void {

                  trace("securityErrorHandler:" + e.text);




              private function error(e:IOErrorEvent):void {

                  trace("error: " + e.text + " Type: " + e.type);








      The code operates correctly running anywhere but android, tracing the content of the file returned by the URL request. The code operated correctly with the old SSL certificate but not the new SSL certificate. it now fails with the error.


      error: Error #2032: Stream Error. URL: https://www.jollysnaps.com/ Type: ioError


      This is a somewhat missleading error code as what is actualy happening is android is refusing to make the URL request as it doesn't trust the SSL certificate and so will not send data over an untrusted link.


      if the URL is changed to a webserver with a real SSL certificate such as.




      then the code operates correctly.


      So to be clear what I am looking to establish is what is incompatible between the SSL certificate for the site https://www.jollysnaps.com/ and the URLLoader running on an Android device so I can report this to my web host because they don't seem to be taking my problem seriously.



      Thanks in Advance