OK, I have a bit of a strange issue. I have an ssl-only website secured with a Comodo PositiveSSL certificate and the certificate is installed properly on an NGINX server and has been working with no issue.
Every major browser renders the site and links to it on Desktop / Mobile with no certificate errors, however on the Android version of the Facebook mobile app, no matter what, the in-app browser displays a security certificate warning. The regular Android browser / Chrome work just fine in addition to the in-app browser on the Facebook iOS app having no problems whatsoever.
I have tried nearly everything including re chaining the certificate, enabling only secure cypher suites, making sure there is no plain HTTP content and using an NGINX server block to redirect plain HTTP requests to the HTTPS site. My users on this combo are understandably beginning to get a bit frustrated.
Related
I'm working on a native app for iOS and Android using React-Native. I have to hit a third-party REST API that uses https:// protocol. There is a staging server and a production server for the API.
I have success making requests to both servers on iOS. On Android, I can access staging, but not production. Requests to both servers are successful using Postman.
Requests to production on Android give me the infamous [TypeError: Network request failed] message. I looked around on this site and elsewhere, and learned that this is usually the result of a certificate trust issue (which is not something I'm super knowledgeable about). I used openssl to view the certificates and did see three certs when checking staging, and only two for production. I tried following the custom TrustManager example on the Android HTTPS and SSL page: https://developer.android.com/training/articles/security-ssl.html
As well as this tutorial for SSL pinning: https://medium.com/the-many/a-year-of-react-native-ssl-pinning-3801a973cbfe
No luck. I should probably mention that at no point have I seen any logcat messages referring to certificate trust errors, so I'm not even entirely sure this is my issue.. it's just the only thing that makes sense based on what I've been able to find out. I tried going to Android Studio Preferences > Tools > Server Certificates and enabled 'Accept non-trusted certificates automatically' as a sanity check for testing. Still no luck and no change in log messages.
The requests are formatted exactly the same in React-Native, and are successful in three out of four of my scenarios (iOS staging & prod, Android staging). What am I missing?
If they implement SSL on their wordpress site, will both the IOS and Android application automatically work through that SSL certificate or do we need to purchase another certificate. Please explain?
Apppresser creates a mobile wrapper around your site which means that any communication it has with the site will be over the protocol you have installed on the server. If you are using https:// when accessing the site when you create the app then it will be secure.
I am developing an iOS & Android Application with React Native. I use to access my backend server with "normal" url -> http:// ....
Now since i have changed it and added ssl i need to use my new backend url with ssl which is https://
On iOS everything works like it should. The problems are caused by my android app.
I am not sure how to solve this. Is there anything i have to do to access ssl based urls for android? Maybe in my Manifest or something? Any hints would be great...
Android doesn't want to trust server's certificate.
Which Android version you'd tested?
Older versions like 4.1.x haven't installed 'less known' CA's.
Try it with Marshmallow.
To fix it you can always install a proper certificate on the device by hand (settings->security->load ca from sdcard) or change CA on the server to one which is more 'known' (probably more expensive).
BTW. Check out the logs. It should fail on SSl handshake.
Another test you can do is publishing a simple website by this server and try running this website over https on affected Android device. If the system doesn't trust it browser will alert you about that. For instance:
I'm creating a facebook app in the developers side of facebook.
Everything is working when I start browsing the app via browser, but when I try to access the app via a mobile device I get a message like this:
"Secure connection not found"
It is strange because my app URL is a SSL page, we have created our certificate and it expire in 10 years..
Someone have got the same problem in the past?
Thanks!
Have you added a HTTPS enabled mobile site URL under your App's settings? I guess this could be the reason...
The problem was the self-signed certificate, with a new and not self-signed certificate everything works!
We are creating a browser based HTML5 application targeted for Android devices through the Chrome browser. Security is a chief concern and beyond userid/password requirements, the company also desires to ensure each user has a proper SSL certificate installed before granting access.
Does this even make sense, and if so, can someone provide some resources where I can research this further?
I always thought the cert was stored on the server to secure a session between itself and a client. But I am not aware of the browser somehow providing an installed cert to a server that ensures it is a valid client.
SSL communications can involve certificates installed to both the client and server. An IIS website can be configured to require a client side certificate is installed.
Regarding Android, current versions do not support leveraging an installed client side certificate through the browser. This thread is tracking this particular feature.
http://code.google.com/p/android/issues/detail?id=11231#c107