I ran into something that was a pretty hard problem to diagnose: the FSM Android mobile app was not working with HTTPS, but it was working with HTTP. The app doesn't really show exceptions when it fails to establish a connection, it just says: Incorrect service URL or network connectivity, which is accurate, but not very useful. If it showed exceptions it would have said: javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:Trust anchor for certificate path not found.
It took quite a bit of VPN, Firewall and server TCP tracing in order to recognise the issue was likely the TLS handshake and that the customer was using self signed certificates.The solution involved adding trust anchors for self signed certificates in the code (network_security_config.xml), which is a modification.
<trust-anchors> <certificates src="system" /> <certificates src="user" /></trust-anchors>
Please note that the customer was already adding the CA into the local device and all other apps were already working. FSM wasn't because it was not instructed to validate user provided self signed authorities.
Additionally I left the code that shows exceptions in place in case we have future issues that we need to diagnose.
