Certificate is trusted by PC but not by Android

android ssl-certificate

Solution 1:

You might be missing an intermediate certificate in your cert file. If you have already visited another website which has the same certificate seller, the intermediate certificate is remembered in your browser. This might not - or even better - will not be the case with every visitor to your website. To solve a missing intermediate certificate in the SSL connection, you will need to add the intermediate certificate to your own certificate file.

GoDaddy has some info on the intermediate certificates (but the best source is always your certificate provider): http://support.godaddy.com/help/article/868/what-is-an-intermediate-certificate

I once had this issue of an intermediate cert (with Commodo too) and had to combine my own cert file with the intermediate CA's to work. Once done no errors occurred anymore.

Installation instructions per webserver by Godaddy: http://support.godaddy.com/help/article/5346/installing-an-ssl-server-instructions?locale=en

And here is a list of the most common installation guides by Commodo themselves: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1145/0/how-do-i-make-my-own-bundle-file-from-crt-files

Depending on what webserver you are using, you'll need to specify all certificates (domain certificate, intermediate and root) or combine them into one (eg for Nginx) in the order:

  1. domain certificate
  2. intermediate certificate
  3. root certificate

An easy way of doing this in an SSH terminal is by typing: 

cat domainfile intermediatefile rootfile > targetfile

Certificate test tool

If you encounter further problems or are unsure whether the certificate is correct, please try an online tool to verify your SSL certificate. For instance: networking4all.com/en/ssl+certificates/quickscan

SNI support for android 2.2 and lower

Please note android 2.2 (and probably older) do not support SNI, which allows multiple SSL certificates for different hostnames to work without issues on one single IP address. Thanks to @technyquist for providing that information. Please review this SO question about SNI for more information on this issue.

Solution 2:

You have to create a crt bundle then it will be fine. You will be receiving three crt files. Use them all! If you only used the domain.crt then there will be warning on android but not on PC.

I am on nginx. I opened domain_name.crt and then opened positivesslca2.crt, select all and copy to the end of domain_name.crt. Then open AddTrustExternalCARoot.crt, copy to the end of domain_name.crt again. Then install the domain_name.crt

works good.

Related

Switch-case won't compile after commenting out an unused line
Best Free Text Editor Supporting *More Than* 4GB Files? [closed]
How does one monkey patch a function in python?
Android: show/hide a view using an animation
ASP.NET Core Razor pages vs Full MVC Core [closed]
How can I generate a git diff of what's changed since the last time I pulled?
Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
What's the difference between git stash save and git stash push?
Get loop index of outer loop
How do I modify a Homebrew formula?
Dart Fold vs Reduce
How to crop a CvMat in OpenCV?