Certificate issue: SSL page brings up "you need to set a lock screen pin or password before you can use credential storage" on Android
Solution 1
It's not an Android/Chrome issue. The problem was from the fact that the server was requesting a certificate from the client. For Apache add/change the following parameter in your conf or in your sites definition:
SSLVerifyClient none
Solution 2
This same thing happened to me when I was installing my certificate on my Android Tablet.
- Yes, you need to set a lock or pin code (but this can be removed after installing the certificate)
- Just copy the .pfx file in your Android phone
- On your phone Settings look for Security
- Under credential storage (this option might vary depending on your Phone settings), there should be an option to install certificates
- Restart your phone
Hope this helps.
Solution 3
This isn't the most secure solution - but it got the job done for me. I had to edit the SSL properties through IIS to ignore client certificates. IIS Setting Change
Solution 4
If removing 'verify=1', then no more certificates are valid at all.
jobwat
I do dev/devops for a living and a little as well the rest of the time, because I love it!
Updated on June 11, 2022Comments
-
jobwat almost 2 years
We've setup the certificates on our server and when requesting https://www.ourserver.org, Android (whatever the browser used) shows a little popup
You need to set a lock screen pin or password before you can use credential storage
Which is wrong, it seems that the phone is trying to register that certificate..?
It does happen only on Android so far it's fine on iPhone and desktop browsers
our Stunnel config:
[www.ourserver.org] cert = /etc/stunnel/certs/www.ourserver.org.crt key = /etc/stunnel/keys/www.ourserver.org.key CAfile = /etc/stunnel/certs/www.ourserver.org.intermediate.crt accept = 10.10.54.2:9443 connect = 10.10.54.2:9444 verify=1 xforwardedfor = yes TIMEOUTclose = 0
cert
file is issued by RapidSSL. The intermediateCAfile
contains both: the intermediate certificate first andcert certificate
.Any idea of what went wrong on our certificate config ?
If I go through the process of securing my phone with a lock screen, accessing the same page then shows
No certificates found The app Chrome has requested a certificate. Choosing a certificate will let the app use this identity with servers now and in the future. The app has identified the requesting server as (...), but you should only give the app access to the certificate if you trust the app. You can install certificates from a PKCS#12 file with a .pfx or a .p12 extension located in external storage."
-
jobwat over 10 yearsI'm not trying to add a certificate to a phone, you got it wrong! I'm trying to properly setup a SSL connection
-
dmahapatro over 10 yearsAdd as comment instead of answer.
-
Bruno over 10 yearsWhat do you mean?
verify=1
is to have the server verify client certificates. -
Admin over 10 yearsI removed the option 'verify=1' and restarted stunnel service, but unfortunately SSL did not work at all by accessing the website on Android and Apple phones.