lgerard lgerard - 26 days ago 14
Android Question

SSL Certificate error on Facebook Android App Only

I'm using a Gandi SSL certificate on my subdomain and it's working just fine, except when the website is accessed through the Facebook Android app, where I get a security error.

I've double-checked with SSLShopper and Qualys SSL Labs, and no issue with the chain was reported.

Website URL is https://tickets.shotguntheapp.com/events/5569 and it can be accessed through Facebook by clicking "Tickets available" here

Any clue where the issue could come from?

*******Solved issues******


  1. First issue was a missing certificate in the chain, as Anand explained it very well.

  2. Second issue was in my Heroku certs:update command. If you run heroku certs, you might see two certificates, of type SNI and Endpoint. Both have to be updated!


Answer

If you look at the Certification Paths section of SSL Labs, you will see that there are two trust paths.

SSL Labs report

While you are sending an intermediate certificate that establishes trust for the first path, that particular root (Gandi Standard SSL CA 2 -- SHA1: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e) was only added in Android 5.1. You haven't specified the version of Android you're seeing this error on and I'm assuming it is something before 5.1.

You will need to send another intermediate cert (USERTrust RSA Certification Authority -- SHA1: eab040689a0d805b5d6fd654fc168cff00b78be3) to complete the second certification path. You can obtain the correct set of both intermediate chains, in the right order, from What's My Chain Cert?
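One way to confirm that a PEM bundle carries both intermediates before it is uploaded with heroku certs:update. This is an added example, not part of the original answer; the two fingerprints are the ones quoted in the answer, the function names are hypothetical, and the built-in sample uses constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re
import sys

# Intermediates named in the answer, with the SHA-1 fingerprints it quotes.
REQUIRED = {
    "Gandi Standard SSL CA 2": "2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e",
    "USERTrust RSA Certification Authority": "eab040689a0d805b5d6fd654fc168cff00b78be3",
}

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def normalize(fingerprint):
    """Accept 'AB:CD:..' (openssl style) or plain hex; return lowercase hex."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def bundle_fingerprints(pem_text):
    """SHA-1 fingerprint of every certificate in a PEM bundle, in file order."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # PEM body -> DER bytes
        prints.append(hashlib.sha1(der).hexdigest())
    return prints


def missing_intermediates(pem_text, required=REQUIRED):
    """Names of required intermediates whose fingerprint is not in the bundle."""
    present = set(bundle_fingerprints(pem_text))
    return [name for name, fp in required.items() if normalize(fp) not in present]


def make_pem(der):
    """Hypothetical helper: wrap bytes as a PEM block for the constructed sample."""
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # Constructed sample (placeholder bytes); pass a real bundle path to check it.
    sample = make_pem(b"constructed leaf") + make_pem(b"constructed intermediate")
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample
    for index, fp in enumerate(bundle_fingerprints(text)):
        print(index, fp)
    print("missing:", missing_intermediates(text) or "none")
```

Run it with the path of the bundle file as the only argument; an empty "missing" list means both intermediates from the answer are in the file.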
