Hi! 

I am currently developing a hybrid Android app using the WebView component.
I am struggling with an SSL certificate on my domain hosting the 
webapp/webpage.

I am getting a *SslError.SSL_UNTRUSTED* exception when trying to open the 
webapp in my WebView.
The certificate which triggers the exception is (I have removed the actual 
domain from the chain for security reasons):

Certificate: Issued to: CN=insert.correct.domain.here,OU=Terms of use at www.verisign.com/rpa (c)05,O=EVRY AS,L=Oslo,ST=Norway,C=NO;
        Issued by: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US;

Here is the certificate chain from my domain:

Certificate chain
 0 s:/C=NO/ST=Norway/L=Oslo/O=EVRY AS/OU=Terms of use at www.verisign.com/rpa (c)05/CN=insert.correct.domain.here
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

I have scoured the web, and finally found a reply from a Google employee 
stating that these root certificates from VeriSign are supported by Android.

524d9b43.0:        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
5e4e69e7.0:        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
72fa7371.0:        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
7651b327.0:        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
7d453d8f.0:        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
c527e4ab.0:        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
ed049835.0:        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
facacbc6.0:        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5

As far as I can see (I am no certificate expert), there should be no 
problem with our certificate chain?
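
A check that can be run on the chain listing above, added here as an example and not part of the original post: it parses the "Certificate chain" text (joining the mail-wrapped lines) and reports each position where a certificate's issuer is not the subject of the next certificate the server sent. The function names are hypothetical, and the sample input is the listing from the post.

```python
import re

# Constructed sample: the chain listing from the post, still hard-wrapped.
CHAIN = """\
Certificate chain
 0 s:/C=NO/ST=Norway/L=Oslo/O=EVRY AS/OU=Terms of use at
www.verisign.com/rpa (c)05/CN=insert.correct.domain.here
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server
CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary
Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority
"""

def parse_chain(text):
    """Return [{'subject': ..., 'issuer': ...}, ...] in the order sent."""
    certs, field = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(\d+) s:(.*)", line)
        if m:                                   # "N s:<subject DN>"
            certs.append({"subject": m.group(2), "issuer": ""})
            field = "subject"
        elif line.startswith("i:") and certs:   # "i:<issuer DN>"
            certs[-1]["issuer"] = line[2:]
            field = "issuer"
        elif line and field:                    # wrapped continuation line
            certs[-1][field] += " " + line
    return certs

def common_name(dn):
    """Last CN in an OpenSSL one-line DN, or the whole DN if it has none."""
    return dn.rsplit("/CN=", 1)[-1] if "/CN=" in dn else dn

def find_gaps(certs):
    """Indexes i where cert i's issuer is not the subject of cert i+1."""
    return [i for i in range(len(certs) - 1)
            if certs[i]["issuer"] != certs[i + 1]["subject"]]

if __name__ == "__main__":
    chain = parse_chain(CHAIN)
    for i in find_gaps(chain):
        print(f"gap after entry {i}: issued by '{common_name(chain[i]['issuer'])}', "
              f"but entry {i + 1} is '{common_name(chain[i + 1]['subject'])}'")
    print("top of chain issued by:", chain[-1]["issuer"])
```

On the listing from the post it reports a gap after entry 0: the leaf is issued by VeriSign Class 3 International Server CA - G3, while the next certificate sent is VeriSign Class 3 Public Primary Certification Authority - G5. A client that does not fetch missing intermediates on its own cannot build a path across such a gap.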
