Certificate is trusted by PC but not by Android
Solution 1:
You might be missing an intermediate certificate in your cert file. If you have already visited another website which has the same certificate seller, the intermediate certificate is remembered in your browser. This might not - or even better - will not be the case with every visitor to your website. To solve a missing intermediate certificate in the SSL connection, you will need to add the intermediate certificate to your own certificate file.
GoDaddy has some info on the intermediate certificates (but the best source is always your certificate provider): http://support.godaddy.com/help/article/868/what-is-an-intermediate-certificate
I once had this issue of an intermediate cert (with Commodo too) and had to combine my own cert file with the intermediate CA's to work. Once done no errors occurred anymore.
Installation instructions per webserver by Godaddy: http://support.godaddy.com/help/article/5346/installing-an-ssl-server-instructions?locale=en
And here is a list of the most common installation guides by Commodo themselves: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1145/0/how-do-i-make-my-own-bundle-file-from-crt-files
Depending on what webserver you are using, you'll need to specify all certificates (domain certificate, intermediate and root) or combine them into one (eg for Nginx) in the order:
- domain certificate
- intermediate certificate
- root certificate
An easy way of doing this in an SSH terminal is by typing:
cat domainfile intermediatefile rootfile > targetfile
Certificate test tool
If you encounter further problems or are unsure whether the certificate is correct, please try an online tool to verify your SSL certificate. For instance: networking4all.com/en/ssl+certificates/quickscan
SNI support for android 2.2 and lower
Please note android 2.2 (and probably older) do not support SNI, which allows multiple SSL certificates for different hostnames to work without issues on one single IP address. Thanks to @technyquist for providing that information. Please review this SO question about SNI for more information on this issue.
Solution 2:
You have to create a crt bundle then it will be fine. You will be receiving three crt files. Use them all! If you only used the domain.crt then there will be warning on android but not on PC.
I am on nginx. I opened domain_name.crt and then opened positivesslca2.crt, select all and copy to the end of domain_name.crt. Then open AddTrustExternalCARoot.crt, copy to the end of domain_name.crt again. Then install the domain_name.crt
works good.