
RapidSSL certificate not trusted on Android tablet

I've installed a RapidSSL certificate, with intermediate certificate, on the site address removed, using DirectAdmin. The RapidSSL installation checker reports a successful installation.

However, when I visit the site on an Archos 10.0 tablet with Android 2.2, it complains that the certificate was not issued by a trusted authority. It works fine on my Sony Ericsson Arc (phone) with Android 2.3.

Is there anything I can do to fix this on the server side (without touching the tablet)? Obviously if that version of Android simply doesn't trust RapidSSL, I can't do anything, but maybe there's a misconfiguration with my CA chain or something?

Late response I know, but I had the same problem. Installing the CA for both RapidSSL and GeoTrust on the server-side solved it for me.

http://support.servertastic.com/rapidssl-and-geotrust-certificate-not-trusted-on-mobile-device/

This is the RapidSSL and Geotrust CA bundle you need.

https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

Documentation of some providers:

  • 49
    • To be more precise, what you need is the "Cross Root" CA (linked from above page), which chains the GeoTrust Global CA to the more widespread Equifax CA.
      • 1
    • This is perfect! I've had this issue for a few days now, and haven't had time to fix it -- finally got back into it, spent a few hours without much luck, found your post, and now it works! Thanks heaps! :)

It seems that the (new) GeoTrust Root CA is not installed on various mobile devices: http://support.servertastic.com/rapidssl-and-geotrust-certificate-not-trusted-on-mobile-device/

You can cross-reference that CA to other known Root-CAs. I added the Cross-Root CA Cert to the ca-bundle/intermediate Cert. After that it worked on Android:

Copy Geotrust Cross Root CA Certificate: https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1426&actp=search&viewlocale=en_US&searchid=1283360269668

Add that Cross Root CA Cert to the RapidSSL and Geotrust CA bundle file: https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

Then install this new bundle file as intermediate.pem or ca-bundle.crt on your Server.

  • 2

I had the same problem, but it had nothing to do with the support of RapidSSL's or GeoTrust's certificates: I had concatenated the server and intermediate certificates together in the wrong order, when serving the SSL certificate chain.

So make sure your server's certificate comes first in the bundle, e.g.:

cat server.pem intermediate.pem > bundle.pem

  • 0
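The ordering rule from the answer above (server certificate first, then each issuer in turn, with the cross root from the earlier answer appended last) can be checked before a bundle is installed. This is an added example, not code from any of the posts: the function names are hypothetical, the sample certificates are constructed skeletons rather than real RapidSSL or GeoTrust certificates, and names are compared as raw DER bytes, which is a simplification of full X.509 name matching.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length (real certificates)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der_bytes):
    """Return the raw DER issuer and subject Names of one certificate."""
    _tag, pos, _end = tlv(der_bytes, 0)      # Certificate ::= SEQUENCE
    _tag, pos, _end = tlv(der_bytes, pos)    # TBSCertificate ::= SEQUENCE
    tag, _start, end = tlv(der_bytes, pos)
    if tag == 0xA0:                          # skip the optional [0] version
        pos = end
    fields = []
    for _field in range(5):                  # serial, sigAlg, issuer, validity, subject
        _tag, _start, end = tlv(der_bytes, pos)
        fields.append(der_bytes[pos:end])
        pos = end
    return fields[2], fields[4]

def chain_problems(pem_text):
    """List ordering problems in a bundle that must start with the server cert."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    return [f"certificate {i} is not issued by certificate {i + 1}"
            for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]

# --- Constructed samples: unsigned skeletons holding only the fields read above ---
def der(tag, body):
    assert len(body) < 0x80                  # short-form length suffices here
    return bytes([tag, len(body)]) + body

def sample_cert(subject, issuer):
    """Build a PEM skeleton (not a valid certificate) for the given CN pair."""
    name = lambda cn: der(0x30, der(0x31, der(0x30,
        der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
           + name(issuer) + der(0x30, b"") + name(subject))
    body = base64.encodebytes(der(0x30, der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

LEAF = sample_cert("www.example.test", "Constructed Intermediate CA")
INTERMEDIATE = sample_cert("Constructed Intermediate CA", "Constructed Root CA")
CROSS_ROOT = sample_cert("Constructed Root CA", "Constructed Older Root CA")
```

Calling `chain_problems(open("bundle.pem").read())` on a real bundle returns an empty list when every certificate is followed by its issuer.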

Hello, in my case (GeoTrust RapidSSL), on CentOS 6, the apache2 settings for trusted SSL on Android devices are:

SSLCertificateFile      /etc/httpd/ssl/domain.crt
SSLCertificateKeyFile   /etc/httpd/ssl/domain.key
SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt

The catch is that Apache does not need a bundle certificate. Just place the crt found in the mail from GeoTrust:

  1. Put the 1st section in your mail, with the headers -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----, in a domain.crt file, named as you wish, and
  2. put the 2nd section, found under INTERMEDIATE CA:, with the headers -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- (don't miss any dash), in an intermediate.crt file.
  3. Find your ssl.conf file, uncomment and place the values. Done!
  4. If you have many hosts, create a separate ssl-domain.conf for your host.
  • 0

Yes, it's fixable. What you need to do is load the root certificate (that is, the public key of the RapidSSL server--in your case, it's the "GeoTrust Global CA") into the Android device so it knows to trust that certificate authority.

There's a question on the Android StackExchange that suggests multiple ways you can do this.

In that case... unfortunately, the only way to fix it on the server side is to buy an SSL certificate from a provider that is trusted on all the devices you want to use the site. Sadly, this almost always means buying the more expensive SSL certificates from the biggest CAs. (E.g. in my experience, the RapidSSL line was not trusted by handhelds with iOS and WinMobile, but the parent company GeoTrust's base-level certificate was.)

Or... you could provide documentation for your end-users on how to trust the cert on their devices.

  • -1