Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Roma2013-09-02 12:34:55
Android
Roma, 2013-09-02 12:34:55

Android and iOS swear at ssl certificate

Colleagues, help, pliz, figure it out ...

There is a web server based on linux + apache. An ssl certificate (wildcard) signed by RapidSSL CA (upstream GeoTrust Global CA) is attached to this server.

When I go to this server from a computer (firefox, chrome, opera, opera mobile (via the android emulator)), the browser says that everything is fine, the certificate is reliable.

But if I log in with Android (any browser) and iOS, then the browsers say that the certificate was received from an untrusted certificate authority.

What can be here? Where to dig?
Maybe for Apache you need to do some additional settings?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
R
Roma, 2013-09-02
@Angel2S2

Thank you all for your help. I figured it out ... I
had to specify the file in SSLCertificateFile, in which there is only the server certificate that RapidSSL issued to me. And in SSLCACertificateFile - RapidSSLCABundle.crt, which was downloaded from the RapidSSL website (in this file, Rapid and Geotrust certificates).
I had all the certificates in SSLCertificateFile (I merged them into one file) in order - mine, rapid, geotrust. And in SSLCACertificateFile there is a standard /etc/pki/tls/certs/ca-bundle.crt (there is no rapid in it).

Report
R
Roma, 2013-09-02
@Angel2S2

Yes, all 3 certificates. Key-file is also specified.

Report
S
s1dney, 2013-09-02
@s1dney

Perhaps there are other sites on ssl at this address?

Report
K
kostarus61, 2014-09-18
@kostarus61

Angel2S2, exactly the same problem with the same certificate, I have a server with CentOS, VDS dedicated IP, one domain and one site on this IP. You can describe in more detail where to go, in which files and what needs to be registered.

Report
T
talk2me, 2016-09-23
@talk2me

To make it work on android and ios, you need to add:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
+SSLCertificateChainFile /etc/letsencrypt/live/ domain.tld/chain.pem

Similar questions
X
Xook2021-05-01 22:39:05
How to change ssd m2 mode from x1 to x4? 4Reply
V
Vladimir Korotenko2020-12-12 13:48:13
Subscriptions in a multilingual application, click on the link to the documentation? 1Reply
V
Vladislav Vinokurov2019-03-27 18:45:31
Why doesn't android app connect to north on real device? 1Reply
G
grodim2016-10-30 01:13:42
How to force an Android application to exchange data with a home PC with a dynamic IP? 2Reply
T
tom1392014-10-31 19:32:14
How to disable paid ads in the game for android? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question