Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

Unable to connect to Experience Service (HTTPS protocol) with Android device


Unable to connect to Experience Service (HTTPS protocol) with Android device

Hi there


Here is the situation
Thingworx 8.5.5 works with CERTIFICATE.JKS on Tomcat 8.5.43 (NOT a self-signed-certificate)
Experience Service 8.5.9 uses protocol HTTP, everything works


When trying to apply Certificate to Experience Service,
CERTIFICATE.JKS is converted to CERTIFICATE.PFX for usage.


results error (similar here:

Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1473:34)
at TLSSocket.emit (events.js:311:20)
at TLSSocket._finishInit (_tls_wrap.js:916:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:686:12) {


start-es --allowssc would fire up Experience Service
Both https://<server>:2019/ExperienceService/ping 

and https://<server>:2019/ExperienceService/id-resolution/resolutions/?key=urn:vuforia:nokey&resourcetype=Experience&wNdp=768&aspect=spatial-tracking works with TLS on desktop/iOS/Android



Using https://<server>:2019 for Vuforia View APP Experience Service URL
Everything works with iOS device

Not working with Android device: nothing in the Library, and "Whoops! Error loading Experience" message shows up when opening an experience


Same issue with PEM Certificate on Experience Service

Android logfile Error Trust anchor for certification path not found.


Similar here:

The Root CA is in the list of System Trusted credentials already.


Buy the way, no Cleartext issue in the logfile(


How to resolve the issue?


Any reply is appreciated,

Thanks in advanded

SETUP(same macchine): JAVA 1.8.0_192-b12, Tomcat 8.5.43, TWX 8.5.5, ES 8.5.9, Android 9


Android devices are a little more particular about the certs they will allow if they aren't from a well known CA. 

Check out this article:


Are you using a private organization CA? Do you have any intermediate certificates? If so, have you created a cert bundle?



Thanks for reply.


android 9, TWCA.jpg


  • No intermediate certificates.


While unsuccessfully configuring the certificate for the Experience Service, it remains using HTTP only.

Use MED-61226-CD-XXX_SPX_es-X-X-X-bXXXX-XXX-windows-installer.exe which downloaded from


experience servece, modify.png


Then Use HTTP (No TLS)

experience servece, use HTTP.png


After processing, in configuration.json shows


  "port": 2019,
  "realm": "ThingWorx",
  "httpsKeyPath": "",
  "httpsCrtPath": "",
  "httpsCaPath": null,
  "httpsPfxPath": null,
  "httpsCertPassphrase": "",



In Vuforia View, Experience Service URL is set to http://<server>:2019