DBray925 Absent Member.

DigiCert certs not trusted

Odd, our wildcard DigiCert cert is not trusted by iPhones nor by Androids (1.5). We have used SSL Certificates DigiCert Digital SSL Certificate Authority for a while now, and have seen issues with certain older versions of Java; however, Firefox and IE both trust this source. However, after moving this wildcard cert into the webadmin and device location... Firefox can now hit the WebAdmin site and it's trusted, but our phones are still having to manually trust this cert.

Guess this really isn't an issue, just more of an FYI. The wildcard cert appeared to work, although our phones still don't trust that source.

Thanks,
-DB
0 Likes
17 Replies
dzanre1 Absent Member.

Re: DigiCert certs not trusted

And, of course, the problem with an iPhone is just one of assuring the user that it's okay to "trust" the certificate, as the iPhone only asks once and then saves the cert settings.

How do Androids handle this? I know that my Nokia E61i is almost unusable with an untrusted cert, as it asks over and over and over!
0 Likes
DBray925 Absent Member.

Re: DigiCert certs not trusted

dzanre;1958027 wrote:
> How do Androids handle this?


Pretty much the same way. Well, with the app called Moxier, it asks once at the beginning and you trust the cert and then it's done.

We have other users using an app called Touchdown and they have an option in setup called "Fetch and Trust Certificate (not recommended)". If they check that, it never asks them anything and accepts the cert.
0 Likes
dzanre1 Absent Member.

Re: DigiCert certs not trusted

I think I'm going to need to become a "certificate" expert, and it wasn't what I had planned for this stage in my life - heehee.
0 Likes
DBray925 Absent Member.

Re: DigiCert certs not trusted

Well, we just tried this on a Windows Mobile phone... can't believe we found somebody out there that actually had one... but it doesn't accept the cert either. Unfortunately, there is no way to click past this on those phones though, so I guess those users are out of luck.
0 Likes
dzanre1 Absent Member.

Re: DigiCert certs not trusted

I have added an "SSL Considerations" row to the device info at Data Synchronizer Mobility Connector - CoolSolutionsWiki - if you could add your observations there about the DigiCert not working for the devices you've tested, that would be great!
0 Likes
jfosterqa Absent Member.

Re: DigiCert certs not trusted

DBray925;1958074 wrote:
> Well, we just tried this on a Windows Mobile phone... can't believe we found somebody out there that actually had one... but it doesn't accept the cert either. Unfortunately, there is no way to click past this on those phones though, so I guess those users are out of luck.


I think there is a way to get Windows to accept an untrusted cert. In this forum there were some commands to convert the PEM to a cert and then have the Windows device download that and then it would work. Will try to dig up that thread for you.
0 Likes
kenrmartin Absent Member.

Re: DigiCert certs not trusted

Have you tried concatenating the DigiCert certificate and the intermediate certificates into a single PEM file? It should look like this:

-----BEGIN RSA PRIVATE KEY-----
private key text
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
server certificate text
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate certificate text (DigiCert High Assurance CA-3)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate certificate text (DigiCert High Assurance EV Root CA)
-----END CERTIFICATE-----

The DigiCert intermediates for SSL Plus/Wildcard/UC certificates can be downloaded here:

DigiCert High Assurance CA-3
https://www.digicert.com/CACerts/DigiCertHighAssuranceCA-3.crt

DigiCert High Assurance EV Root CA
https://www.digicert.com/CACerts/DigiCertBridge.crt
0 Likes
DBray925 Absent Member.

Re: DigiCert certs not trusted

kenrmartin;1964048 wrote:
> Have you tried concatenating the DigiCert certificate and the intermediate certificates into a single PEM file?


Yes, still doesn't appear to be trusted by the phones, but fine by Firefox.

Thanks for the help though,
-DB
0 Likes
DBray925 Absent Member.

Re: DigiCert certs not trusted

I'm starting to think this is an issue with the CherryPy webserver that is used. It's not sending the intermediate certificate. I've Googled around, and found similar posts about this issue for other CherryPy users. I've opened a ticket with Novell, and am waiting to see what they say.

-DB
0 Likes
kenrmartin Absent Member.

Re: DigiCert certs not trusted

I think you're right. It looks like they are using CherryPy version 3.1.2 which doesn't seem to include support for chained certificates. It looks like they do support them in v. 3.2:

WhatsNewIn32 - CherryPy - Trac

-Ken
0 Likes
DBray925 Absent Member.

Re: DigiCert certs not trusted

Yup, I've filed a bug against this, and Novell states that this should be fixed before the product goes live.

Thanks again for all your help!
-DB
0 Likes
DBray925 Absent Member.

Re: DigiCert certs not trusted

Outstanding...this issue has been fixed with the current BETA release.

Great job Novell devs!
-DB
0 Likes
dzanre1 Absent Member.

Re: DigiCert certs not trusted

DBray925 wrote:

> Great job Novell devs!


<pat><pat><pat> - Hopefully Kim isn't watching me taking his job away :0

--
Danita
Novell Knowledge Partner
Moving GroupWise to Linux?
http://www.caledonia.net/gwmove.html
0 Likes