lgerard lgerard - 1 year ago 132
Android Question

SSL Certificate error on Facebook Android App Only

I'm using Gandi SSL certificate on my subdomain and it's working just fine except when website is accessed through Facebook Android app where I get a security error.

I've doubled checked with SSLShoper and QUALYS SSL LABS, with no issue with the chain reported.

Website URL is

and it can be accessed through Facebook by clicking "Tickets available" here

Any clue where the issue could come from?

*******Solved issues******

  1. First issue was a missing certificate in the chain as Anand
    explained it very well

  2. Second issue was in my Heroku
    command. If you run
    heroku certs
    , you might see two certificates, of type SNI and Endpoint. Both have to be updated!

Answer Source

If you look at the Certification Paths section of SSL Labs, you will see that there are two trust paths.

SSL Labs report

While you are sending an intermediate certificate that extablishes trust for the first path, that particular root (Gandi Standard SSL CA 2 -- SHA1: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e) was only added in Android 5.1. You haven't specified the version of Android you're seeing this error on and I'm assuming it is something before 5.1.

You will need to send another intermediate cert (USERTrust RSA Certification Authority -- SHA1: eab040689a0d805b5d6fd654fc168cff00b78be3) to complete the second certification path. You can obtain the correct set of both intermediate chains, in the right order, from What's My Chain Cert?

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download