What version of Android? I believe older versions of Android (perhaps 2.3 and earlier?) where sensitive that the CA bytes match, not just the CA public key. Some CAs have been reissued the CA certs which can be a problem. One of the old verisign ones as like this.
if you would tell me the server name, I could verify this is the issue. But since you think that keeping your server name secret has anything to do with the security of the server, I can't help you further. -bri On Sat, Nov 2, 2013 at 5:23 AM, Sondre Mære Overskaug <[email protected]> wrote: > Hi! > > I am currently developing a hybrid Android-app using the WebView component. > I am struggling with a SSL-certificate on my domain hosting the > webapp/webpage. > > I am getting a SslError.SSL_UNTRUSTED exception when trying to open the > webapp in my WebView. > The cerfiticate which triggers the exception is (I have removed the actual > domain from the chain for security reasons): > > Certificate: Issued to: CN=insert.correct.domain.here,OU=Terms of use at > www.verisign.com/rpa (c)05,O=EVRY AS,L=Oslo,ST=Norway,C=NO; > Issued by: CN=VeriSign Class 3 International Server CA - G3,OU=Terms > of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust > Network,O=VeriSign\, Inc.,C=US; > > Here is the certificate chain from my domain: > > Certificate chain > 0 s:/C=NO/ST=Norway/L=Oslo/O=EVRY AS/OU=Terms of use at > www.verisign.com/rpa (c)05/CN=insert.correct.domain.here > i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at > https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server > CA - G3 > 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, > Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary > Certification Authority - G5 > i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification > Authority > > I have scoured the web, and finally found a reply from a google employee > stating that these root certificates from VeriSign are supported by Android. > > 524d9b43.0: Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust > Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign > Universal Root Certification Authority > 5e4e69e7.0: Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust > Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign > Class 3 Public Primary Certification Authority - G4 > 72fa7371.0: Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public > Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For > authorized use only, OU=VeriSign Trust Network > 7651b327.0: Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public > Primary Certification Authority > 7d453d8f.0: Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust > Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign > Class 3 Public Primary Certification Authority - G3 > c527e4ab.0: Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust > Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign > Class 4 Public Primary Certification Authority - G3 > ed049835.0: Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public > Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For > authorized use only, OU=VeriSign Trust Network > facacbc6.0: Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust > Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign > Class 3 Public Primary Certification Authority - G5 > > As far as I can see (I am no certificate expert), there should be no problem > with our certificate chain? > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
