06-25-2012 04:49 PM
I am getting an error when I go to activate my Android phones. After I enter in my server's URL I get an error that says: Certificate not trusted. The security certificate for this server is not trusted. Do you want to continue?
I got an SSL cert from Go Daddy and installed it on my Fusion server. I tested my cert using http://www.sslshopper.com/ssl-checker.html and it validated the SSL cert.
My Fusion webserver is in a DMZ and I can browse to www.my-domain.com/ios/mdm/2 on the Android phone's browser without getting any SSL errors. I checked in the browser and it is loading the SSL cert correctly.
Does anyone have any ideas why I am getting this error? Thanks for your help.
06-27-2012 12:22 PM
I would check your version of Android and see if it includes the root certs for Go Daddy. I've found that some versions of Android are missing various 3rd party root certificates.
10-09-2012 03:20 PM
Any other reasons why this might be happening?
I am having the same problem. The SSL checker says my certificate is valid. When I browse to https://mysite.com in my Android's browser and view the certificate it says the certificate is valid, leading me to believe that the certificate root is on the phone and that the certificate is correct.
But when I enter mysite.com into the Mobile Fusion app I get the warning saying the certificate is not trusted.
10-10-2012 03:39 AM
10-10-2012 08:23 AM - edited 10-10-2012 08:28 AM
As far as I know, the only way to get a list of trusted CAs in pre-ICS Android is per device by using ADB to pull the file they are stored in. See here for more info. In any case, I'm sure the root CA is on the phone for the following reasons.
When I browse to my site using the Android device's browser, I do not get SSL certificate errors and the page info displays the certificate as being valid.
Next, I set up a different domain name to point at my server, thus making the SSL certificate appear to be invalid when browsing to the site using that domain (because the common name on the certificate does not match the site name). As expected, I received an SSL warning from the Android browser.
Lastly, if I browse to https://mysite.com:8443 I do get an SSL warning stating the Administration Console's self-signed certificate does not come from a trusted authority.
Therefore, the root CA must be on my phone, otherwise I would get an SSL warning when browsing to https://mysite.com.
Since browsing to https://mysite.com and using the Mobile Fusion app use the same port (443), IIS must be serving the same certificate to both. Now, that leaves me with confusion when Mobile Fusion tells me the certificate is invalid. Is there any way to view the certificate that is presented to the Mobile Fusion app?
I'm sure I have something misconfigured in Mobile Fusion or UDS, but I've installed UDS several times now with the same results each time. Anyone have any thoughts?
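One way to view the certificates a server presents on port 443, as asked in the post above (an added example, not part of the original thread and not Mobile Fusion or UDS tooling). It assumes the `openssl` command-line tool is installed; the function names are made up for this example, and `example.info` is the thread's placeholder domain.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): show the certificates a server sends.

# fetch_chain HOST [PORT]: print the s_client transcript, which contains
# every certificate the server sends, each as a PEM block.
fetch_chain() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -showcerts \
        </dev/null 2>/dev/null
}

# dn FILE FIELD: print the subject or issuer DN in one normalized format.
dn() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# describe_chain BUNDLE: one line per certificate, in the order sent:
#   index|subject|issuer|linked / self-signed / issuer-not-sent
describe_chain() {
    dir=$(mktemp -d)
    # Split the bundle into one file per certificate, ignoring other text.
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/c" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    i=1
    while [ -f "$dir/c$i.pem" ]; do
        subject=$(dn "$dir/c$i.pem" subject)
        issuer=$(dn "$dir/c$i.pem" issuer)
        next="$dir/c$((i + 1)).pem"
        if [ "$subject" = "$issuer" ]; then
            link="self-signed"
        elif [ -f "$next" ] && [ "$(dn "$next" subject)" = "$issuer" ]; then
            link="linked"          # the next certificate sent is the issuer
        else
            link="issuer-not-sent" # issuer is not the next certificate sent
        fi
        echo "$i|$subject|$issuer|$link"
        i=$((i + 1))
    done
    rm -rf "$dir"
}

# Usage against a live server (example.info is the thread's placeholder):
#   fetch_chain example.info 443 > presented.pem && describe_chain presented.pem
```

A line marked `issuer-not-sent` means that certificate's issuer was not the next certificate the server sent, so a client has to hold that issuer itself to build the chain.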
10-10-2012 08:47 AM
10-10-2012 10:47 AM - edited 10-10-2012 10:49 AM
First, thank you for the input.
I am not using WiFi for the tests, and am using my mobile carrier.
When I installed UDS I did use the externally accessible domain, I believe. I registered a domain, let's call it example.info. Then I obtained an SSL certificate for example.info and imported it into IIS. When installing UDS I use example.info as the name for all modules (they are all on the same server).
Testing in my browser from a computer outside the network that my server is on I get no SSL errors. In the attached picture, I have browsed to https://example.info and as you can see the SSL certificate is valid. I get no untrusted or invalid SSL messages when I connect on port 443. Port 443 is what the Mobile Fusion app uses for communication, right?
EDIT: I don't know why the picture won't show. It is here: http://i.imgur.com/p5zXw.png
I did get an odd occurrence at times when installing UDS, where it would fail to connect to example.info. To get around this, what I had to do was add example.info to my hosts file on the server and map it to the loopback address. This is clearly not the way things are supposed to work, but this seems like an unrelated networking issue that I don't see affecting this SSL issue.
I think I will completely uninstall UDS and then try to install it again. Since I want to be able to access UDS at example.info, have registered example.info, and have an SSL certificate for example.info, when I enter the "fully qualified domain name" for the Communication module, I should enter example.info. Is that correct?
Thanks for all the help. Hopefully I will get this sorted out in short order.
10-18-2012 10:29 AM
Well I sorted out the UDS installation issue, and determined it is not likely related to the certificate not trusted issue. The UDS installation issue (having it crash or throw errors if I used the FQDN for the communication and core modules) was because of a misconfigured DNS server. Traffic from inside our network going to our UDS server was being sent to the wrong place. UDS now installs as per the instructions without problems.
However, my SSL certificate is still not trusted. I used Wireshark to look at the traffic coming into the server when I try to activate devices and have found that UDS is sending the correct SSL certificate to the Mobile Fusion app on the Android phones (my certificate is issued by Comodo and I can see this certificate in the packet capture). I have also verified that my SSL certificate is correct (by using the SSL checker mentioned in another post above and using multiple PC browsers). In addition, I know the CA root certificate is installed on the phones (tried multiple phones) because when browsing to my domain, the Android browser says the certificate is valid.
I am starting to think this issue is with the Mobile Fusion app. However, this doesn't seem logical since it is not a widespread problem. Sadly, I'm running out of ideas and have to ask again if anyone has any??
Thanks for all the support so far!
10-18-2012 11:08 AM
Took some screenshots from one of the Android phones. They show the UDS warning about the certificate and the certificate as seen from the Android browser. Assuming the attach image feature wouldn't work for me again, here is a link: