Missing error message when missing chained certs

  • Hi,

    It got me hours to figure out why my startssl certificate did not wanted to work with davdroid and I finally managed to know why.
    Until then, when I was trying to add my HTTPS URL within davdroid, it kept telling me that the certificate was not valid. When using CAdroid, the app told me that the BasicConstaints flag was not set to True and refused to add the certificate.

    I finally went on https://sslcheck.casecurity.org/ and the diagnostics told me that "Server configuration does not include all intermediate certificates". I just had to add the missing intermediate certs to make CAdroid happy, and finally davdroid.

    Would it be possible to detect that some chained certs are missing and/or update documentation?

  • developer

    Unfortunately, there's way to detect this automatically.

    If a certificate chain is not trusted, the reason be that it's incomplete on server side. However, the certificate could still be imported by CAdroid and it would work. On the other side, there may be a certificate chain that is complete, but with untrusted root certificate, and in this case the root certificate would have to be imported.

  • OK so maybe this issue could be documented, it would still ease a lot to help new users I think. Simply having a link to any SSL website checker would be great.

  • developer

    l have linked the SSL fest from the homepage. Thanks for the hint.