D

Danil Tunev2018-11-16 20:19:49

Digital certificates

Danil Tunev, 2018-11-16 20:19:49

How is the authenticity of an ssl certificate verified by a mobile browser?

Acquired a free certificate from the famous let`s encrypt. The procedure for obtaining was performed using certboot, I received 4 files: cert.pem, privkey.pem, chain.pem, fullchain.pem. It seems to be clear that the first 2 files are a certificate and a secret key. When setting up the server, I specified these files, that's it, the browser on the computer displays the site !, but not on the mobile!, A warning appears that the certificate is not verified. I'm not strong in x.509 and I can't properly configure the nginx server, so tell me!. Is the trust chain a fullchain.pem file (where to put it)? And how to force ocsp verification by the client-browser, and is there such an opportunity for this free certificate at all? Oh yes, is it possible to somehow generate a crl file from these four files, or do you need something else?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

CityCat4, 2018-11-17
@lada-guy

This is a typical LE problem - its root certificate is not listed in your phone's root certificate, so it will not be trusted. Depending on which phone - it can either be added to the root, or it can be with a warning or not.
The presence of OCSP is set by the server, it is either there or not. You cannot generate the CRL yourself, but the CA can provide a link where you can download it (sometimes it is embedded in the certificate)