RapidSSL certificate not trusted on Android tablet

死守一世寂寞 2021-01-30 13:28

I've installed a RapidSSL certificate, with intermediate certificate, on the site address removed, using DirectAdmin. The RapidSSL installation checker reports a succe

5 Answers
  • 2021-01-30 14:04

    Late response I know, but I had the same problem. Installing the CA for both RapidSSL and GeoTrust on the server-side solved it for me.

    http://support.servertastic.com/rapidssl-and-geotrust-certificate-not-trusted-on-mobile-device/

    This is the RapidSSL and Geotrust CA bundle you need.

    https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

    Documentation of some providers:

    • RapidSSL
    • GoDaddy
  • 2021-01-30 14:04

    It seems that the (new) GeoTrust Root CA is not installed on various mobile devices: http://support.servertastic.com/rapidssl-and-geotrust-certificate-not-trusted-on-mobile-device/

    You can cross-reference that CA to other known Root-CAs. I added the Cross-Root CA Cert to the ca-bundle/intermediate Cert. After that it worked on Android:

    Copy Geotrust Cross Root CA Certificate: https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1426&actp=search&viewlocale=en_US&searchid=1283360269668

    Add that Cross Root CA Cert to the RapidSSL and Geotrust CA bundle file: https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

    Then install this new bundle file as intermediate.pem or ca-bundle.crt on your Server.

  • 2021-01-30 14:07

    Yes, it's fixable. What you need to do is load the root certificate (that is, the public key of the RapidSSL server--in your case, it's the "GeoTrust Global CA") into the Android device so it knows to trust that certificate authority.

    There's a question on the Android StackExchange that suggests multiple ways you can do this.

    In that case... unfortunately, the only way to fix it on the server side is to buy an SSL certificate from a provider that is trusted on all the devices you want to use the site. Sadly, this almost always means buying the more expensive SSL certificates from the biggest CAs. (E.g. in my experience, the RapidSSL line was not trusted by handhelds with iOS and WinMobile, but the parent company GeoTrust's base-level certificate was.)

    Or... you could provide documentation for your end-users on how to trust the cert on their devices.

  • 2021-01-30 14:13

    I had the same problem, but it had nothing to do with the support of RapidSSL's or GeoTrust's certificates: I had concatenated the server and intermediate certificates together in the wrong order, when serving the SSL certificate chain.

    So make sure your server's certificate comes first in the bundle, e.g.:

    cat server.pem intermediate.pem > bundle.pem

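Added example (not part of any answer above): a shell check, run before installing a bundle, that each certificate's issuer name matches the subject of the certificate after it, which is the ordering the `cat server.pem intermediate.pem` answer describes. The throwaway chain, its subject names and the file names are constructed for the demonstration; only names are compared, signatures are not verified.

```shell
# Added example: check that a PEM bundle lists the server certificate first,
# followed by the certificate that issued it, and so on up the chain.

# make_demo_chain DIR: build a throwaway root -> intermediate -> server chain
# (constructed sample data) plus one correctly and one wrongly ordered bundle.
make_demo_chain() (
    cd "$1" || exit 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
        -keyout root.key -out root.pem 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" \
        -keyout int.key -out int.csr 2>/dev/null
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 1 -out intermediate.pem 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout server.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA intermediate.pem -CAkey int.key \
        -CAcreateserial -days 1 -out server.pem 2>/dev/null
    cat server.pem intermediate.pem > bundle.pem   # order given in the answer
    cat intermediate.pem server.pem > wrong.pem    # the mistake it describes
)

# chain_order_ok BUNDLE: exit 0 only if every certificate's issuer name equals
# the subject name of the next certificate in the file (names only).
chain_order_ok() (
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT
    # Split the bundle into 1.pem, 2.pem, ... in file order; print the count.
    n=$(awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                         n { print > (d "/" n ".pem") }
                         END { print n + 0 }' "$1")
    [ "$n" -ge 1 ] || exit 1
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$dir/$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$dir/$((i + 1)).pem")
        if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            exit 1
        fi
        i=$((i + 1))
    done
    exit 0
)

demo=$(mktemp -d) && make_demo_chain "$demo"
for f in bundle.pem wrong.pem; do
    chain_order_ok "$demo/$f" 2>/dev/null && echo "$f: order OK" || echo "$f: out of order"
done
rm -rf "$demo"
```
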
  • 2021-01-30 14:22

    Hello in my case (Geotrust RapidSSL), CentOS 6, apache2 settings, trusted SSL for Android devices are:

    SSLCertificateFile      /etc/httpd/ssl/domain.crt
    SSLCertificateKeyFile   /etc/httpd/ssl/domain.key
    SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt
    

    The catch is that Apache does not need a bundle certificate. Just place the certificates found in the mail from Geotrust:

    1. 1st section in your mail with headers -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- in a domain.crt file, named as you wish, and
    2. 2nd section found under INTERMEDIATE CA: with headers -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- .. don't miss any dash... and placed in an intermediate.crt file
    3. Find your ssl.conf file, uncomment and place values. Done!
    4. In case of many hosts, create a separate ssl-domain.conf for your host