Why does Android Chrome say my site's security certificate is not trusted?


Solution 1

You need to provide the entire certificate chain in order for it to show up as trusted.

Here's the link I got for Comodo's instructions on installing the cert chain in Apache: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/37/certificate-installation-apache--mod_ssl

I got this from http://www.sslshopper.com/ssl-checker.html#hostname=blendbee.com, which flagged your cert as not being trusted in all browsers because of an incomplete chain.

Solution 2

A certificate can contain a special Authority Information Access extension (RFC 3280) with a URL to the issuer's certificate. Most browsers can use the AIA extension to download the missing intermediate certificate and complete the certificate chain. But some clients (mobile browsers, OpenSSL) don't support this extension, so they report such a certificate as untrusted.

You can solve the incomplete certificate chain issue manually by concatenating all certificates from the certificate to the trusted root certificate (exclusive, in this order), to prevent such issues. Note, the trusted root certificate should not be there, as it is already included in the system’s root certificate store.

You should be able to fetch the intermediate certificates from the issuer and concatenate them yourself. I have written a script to automate the procedure; it loops over the AIA extension to output the correctly chained certificates: https://github.com/zakjan/cert-chain-resolver
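The bundling rule above, as an added example that is not part of the answer and not the cert-chain-resolver script: the shell script below generates a throw-away root CA, intermediate CA and leaf certificate with openssl, builds the bundle the server should send (leaf plus intermediate, root excluded), and then emulates a client that does not follow AIA, so the leaf alone is rejected while the bundle verifies. The CA names, file names and the hostname in the SAN are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo chain: a throw-away root CA, an intermediate CA and a leaf
# certificate are generated locally with openssl, so nothing is fetched online.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Extension files: CA certificates must be marked as CAs, the leaf must not.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:blendbee.com\n' > leaf.ext

# One P-256 key and one CSR per party (subject names are made up for the demo).
for name in root inter leaf; do
  openssl ecparam -genkey -name prime256v1 -noout -out "$name.key"
  openssl req -new -key "$name.key" -out "$name.csr" -subj "/CN=Demo $name" 2>/dev/null
done

# Root: self-signed; this is what the client's trust store already contains.
openssl x509 -req -in root.csr -signkey root.key -set_serial 1 -days 2 \
  -extfile ca.ext -out root.pem 2>/dev/null
# Intermediate: issued by the root. Leaf: issued by the intermediate.
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 2 -extfile ca.ext -out inter.pem 2>/dev/null
openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
  -days 2 -extfile leaf.ext -out leaf.pem 2>/dev/null

# The bundle the server should present: leaf first, then each intermediate in
# issuing order, with the root left out (the client already has it).
cat leaf.pem inter.pem > chain.pem

# Emulate a client that does not follow AIA: it trusts only root.pem and can
# only use the certificates the server actually sent ($2) to reach it.
verify_chain() {
  if [ -n "${2:-}" ]; then set -- -untrusted "$2" "$1"; fi
  openssl verify -CAfile root.pem "$@" >/dev/null 2>&1
}

# Print subject/issuer of each certificate in a bundle, in file order.
show_chain() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

if verify_chain leaf.pem; then echo "leaf alone: trusted"; else echo "leaf alone: untrusted (intermediate missing)"; fi
if verify_chain leaf.pem chain.pem; then echo "leaf + bundle: trusted"; fi
show_chain chain.pem
```

Pointing `show_chain` at your real server bundle is a quick way to confirm the order is leaf, then intermediates, with the root absent.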


Asked by Kane. Updated on September 18, 2022.

Comments

  • Kane (over 1 year):

    My site is https://blendbee.com. It's using a PositiveSSL certificate that is valid.

    In Windows 8 Chrome the certificate is fine (green lock in top left corner).

    But...on my Android, it's not so fine. Screenshot: http://postimg.org/image/6vc64lr1d/

    Any ideas why?

    The server is running Ubuntu 13.10 at Digital Ocean.

    • Kane (over 9 years):
      Yep, this was on my Samsung Galaxy S5
  • rmmoul (about 9 years):
    As a note, if you get a bunch of .crt files but no bundle, you may have to create your own bundle file like I did for my Comodo cert: support.comodo.com/index.php?/Knowledgebase/Article/View/643/0/…
  • austinian (over 7 years):
    The root cert was in the trust store, but not the intermediate cert. The cert chain containing all the intermediates was not included, and the client was not climbing up the chain using the Authority Information Access extension (possibly because the information was not included in the cert as presented by the server) to see if the chain led to a trusted CA.