Missing error message when missing chained certs
It got me hours to figure out why my startssl certificate did not wanted to work with
davdroidand I finally managed to know why.
Until then, when I was trying to add my HTTPS URL within
davdroid, it kept telling me that the certificate was not valid. When using
CAdroid, the app told me that the
BasicConstaintsflag was not set to True and refused to add the certificate.
I finally went on https://sslcheck.casecurity.org/ and the diagnostics told me that "Server configuration does not include all intermediate certificates". I just had to add the missing intermediate certs to make
CAdroidhappy, and finally
Would it be possible to detect that some chained certs are missing and/or update documentation?
Unfortunately, there's way to detect this automatically.
If a certificate chain is not trusted, the reason be that it's incomplete on server side. However, the certificate could still be imported by CAdroid and it would work. On the other side, there may be a certificate chain that is complete, but with untrusted root certificate, and in this case the root certificate would have to be imported.
OK so maybe this issue could be documented, it would still ease a lot to help new users I think. Simply having a link to any SSL website checker would be great.
l have linked the SSL fest from the homepage. Thanks for the hint.