Certificate issue: SSL page brings up "you need to set a lock screen pin or password before you can use credential storage" on Android

Solution 1

It's not an Android/Chrome issue. The problem was from the fact that the server was requesting a certificate from the client. For Apache add/change the following parameter in your conf or in your sites definition:

SSLVerifyClient none
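The same condition can be checked on the stunnel side. The following is an added example, not code from the original thread or from the stunnel project: a small Python audit that parses a stunnel configuration and flags every server-mode service that will ask connecting clients for a certificate. The function names and the second service in the sample are constructed for illustration.

```python
# Added example: find stunnel services that request a TLS client certificate.
SAMPLE_CONF = """\
; constructed sample: a global default, the question's service, and a plain one
TIMEOUTclose = 0

[www.ourserver.org]
cert = /etc/stunnel/certs/www.ourserver.org.crt
key = /etc/stunnel/keys/www.ourserver.org.key
CAfile = /etc/stunnel/certs/www.ourserver.org.intermediate.crt
accept  = 10.10.54.2:9443
connect = 10.10.54.2:9444
verify=1
[plain-https]
cert = /etc/stunnel/certs/example.crt
accept = 10.10.54.2:8443
connect = 10.10.54.2:8080
"""

def parse_stunnel_conf(text):
    """Return {service: options}. Options before the first [section] are
    copied into every service as defaults; names are lower-cased for lookup."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), dict(defaults))
            continue
        name, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else current
            target[name.strip().lower()] = value.strip()
    return services

def requests_client_cert(opts):
    """True when a server-mode service will send a CertificateRequest."""
    if opts.get("client", "no").lower() == "yes":
        return False  # client mode: verify* applies to the remote server
    if "verify" in opts:
        return True   # every level, including 0, requests a peer certificate
    return any(opts.get(k, "no").lower() == "yes"
               for k in ("verifychain", "verifypeer"))

def audit(text):
    return {n: requests_client_cert(o) for n, o in parse_stunnel_conf(text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A service flagged `True` here is one where browsers without a client certificate installed, such as the Android devices in the question, can be expected to show a certificate prompt.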

Solution 2

This same thing happened to me when I was installing my certificate on my Android tablet.

  1. Yes, you need to set a lock or PIN code (but this can be removed after installing the certificate)
  2. Just copy the .pfx file to your Android phone
  3. In your phone's Settings, look for Security
  4. Under credential storage (this option might vary depending on your phone settings), there should be an option to install certificates
  5. Restart your phone

Hope this helps.

Solution 3

This isn't the most secure solution - but it got the job done for me. I had to edit the SSL properties through IIS to ignore client certificates.

Solution 4

If removing 'verify=1', then no more certificates are valid at all.

Author: jobwat

Updated on June 11, 2022

Comments

  • jobwat
    jobwat almost 2 years

    We've set up the certificates on our server and when requesting https://www.ourserver.org, Android (whatever the browser used) shows a little popup:

    You need to set a lock screen pin or password 
    before you can use credential storage
    

    Which is wrong, it seems that the phone is trying to register that certificate..?

    It does happen only on Android; so far it's fine on iPhone and desktop browsers.

    Our stunnel config:

    [www.ourserver.org]
      cert = /etc/stunnel/certs/www.ourserver.org.crt
      key = /etc/stunnel/keys/www.ourserver.org.key
      CAfile = /etc/stunnel/certs/www.ourserver.org.intermediate.crt
      accept  = 10.10.54.2:9443
      connect = 10.10.54.2:9444
      verify=1
      xforwardedfor = yes
      TIMEOUTclose = 0
    

    The cert file is issued by RapidSSL. The intermediate CAfile contains both: the intermediate certificate first and the cert certificate.

    Any idea of what went wrong in our certificate config?

    If I go through the process of securing my phone with a lock screen, accessing the same page then shows:

    No certificates found
    
    The app Chrome has requested a certificate. 
    Choosing a certificate will let the app use this 
    identity with servers now and in the future. The 
    app has identified the requesting server as (...), 
    but you should only give the app access to the 
    certificate if you trust the app. You can install 
    certificates from a PKCS#12 file with a .pfx or a 
    .p12 extension located in external storage."
    
  • jobwat
    jobwat over 10 years
    I'm not trying to add a certificate to a phone, you got it wrong! I'm trying to properly set up an SSL connection.
  • dmahapatro
    dmahapatro over 10 years
    Add as comment instead of answer.
  • Bruno
    Bruno over 10 years
    What do you mean? verify=1 is to have the server verify client certificates.
  • Admin
    Admin over 10 years
    I removed the option 'verify=1' and restarted stunnel service, but unfortunately SSL did not work at all by accessing the website on Android and Apple phones.