@rfc2822 Yes, all seems to be working now. Off to find something else to “fix” !
Don’t go, I read [this page] (http://davdroid.bitfire.at/faq/entry/cannot-verify-hostname) ^^
I use radicale for the server, with a ssl key signed by gandi.net. I tested with [CalDav Sync adapter] (https://f-droid.org/repository/browse/?fdfilter=caldav&fdid=org.gege.caldavsyncadapter), all is OK, sync works. SSL is also OK, I tested with my browser, and it seems to work with CalDav sync adapter.
My problem : IO error Cannot verify hostname <host> with this configuration :
I tried importing my server’s certificate, without results. Any idea ?
What is the domain? If you don’t want to make it public, please send it to firstname.lastname@example.org. Did you test it with the SSL Labs SSL Testing Service linked in the FAQ?
ssllab doesn’t work for a port other than 443
Oh, is it because it’s not port 443, so it doesn’t find hostname “yamaworld.fr:5232” ?
no idea ?
No time yet.
no problem, it’s just a bit fustrating
Ok, found out that:
So let’s have a look at the certificate chain with OpenSSL:
# openssl s_client -host yamaworld.fr -port 5232 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=Gandi Standard SSL/CN=yamaworld.fr i:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA ---
If I look in Firefox on my PC, I see this chain:
So the problem is that your server doesn’t send the the Gandi Standard SSL CA as an intermediate certificate. On devices where the Gandi Standard SSL CA is available by default, it works, but on Android devices, the intermediate certificate is not in the trust store by the default. However, UTN-USERFirst-Hardware is available: .
Configure your Web server to send the Gandi Standard SSL CA as an intermediate certificate
and it will work. Apache FAQ
Strange, my android firefox worked on verifying ssl certificate… But it was that, it works if I use a crt+chain file instead of only crt. Thanks !