Smart Phone problems (Security Certificate)

[LadyAsprin]

I get told that the security certificate is invalid and I have to click continue to get to any BG page.

[LadyAsprin]

For my phone its new, I only noticed it after the last time the forum was offline.

The entire message is - There are problems with the security certificate for this site.  This certificate is not from a trusted authority.

I have clicked continue quite a few times yet this message come up when I try to navigate the site.  I'm on Three but often access the net using my phones wifi on my cable broadband.

[Major Willoughby Chase]

Hi there,

as your issue is quite different to the forum ban one, I've split it out into it's own thread, to save on confusion.

W

[LadyAsprin]

Thanks.

[Reverend Panic]

Hi, there's a few things it could be.

The date settings in your phone could be off, this is especially common in blackberries which default to Casablanca GMT instead of London/Dublin GMT. Make sure the time zone is correct and that time is set to Automatic.

Otherwise it could be a content issue, contact your service provider to make sure there's no content restrictions on your account.

Failing that, let me know what phone/service provider you use and I will look into it for you!

(I am an 'O2 Guru', happy to help!)

[LadyAsprin]

The time is set to auto and the location is set to London GMT. 
 
Its a HTC Wildfire and I'm on Three - the problem has only just started since the last time the forum went down.

I'm pretty sure there aren't any restrictions on the account.

[The Governess]

I have the same thing, also on 3, since the last downage. Once I click 'continue' it's fine... Also only seems to crop up on certain pages, like the 'new replies to your posts' page...

[LadyAsprin]

It comes up on all BG pages on my phone.

[robotmastern]

same here i have the 1st gen Motorola Droid i am running the android 2.2.3 os and using the built in browser

[akumabito]

Got the same thing here. But only when navigating to BG from another site. When I click to continue, the message stays gone for however long I stay at the forum.

I'm in the Netherlands om a T-mobile connection using a Samsung Galaxy. It does this regardless of using WiFi or mobile internet.

[proteus]

Some smart phones don't have the public key for the Certificate Authority we bought our SSL cert from; that's the likely cause of the "invalid certificate" message.

However, that should only be happening upon logging in, as that's the only time the site uses SSL. Some people have plugins, though, that automatically try the HTTPS version of a site; such a thing would cause them to link to the secure version of the site, which will redirect to the "normal" version, but not before the lack of the CA key would generate that message.

This is all theory though - screenshots of the error and an exact description of steps to reproduce would be helpful.

[robotmastern]

it literally says
 "there are problems with the security certificate for this site
X this certificate is not from a trusted authority"
 then gives options to "continue" "view certificate" or "cancel"

continuing goes to the site

view certificate shows information about the certificate as folows

issued to:
common name: brassgoggles.co.uk
organization: brassgoggles.co.uk
organizational unit : GT23323213

issued by:
common name: RapidSSL CA
organization: GeoTrust, Inc.
organizational unit :

validity:
issued on: 11/9/2011
expires on: 11/12/2012

then gives the option to view page info which just shows you the url and title of the page

i get this every time i go to the site from another site or open the browser with the site still open in the background (if that makes any sense) hope this helps as it took a while to type

[akumabito]

It's true though - only on log in.. (for me at least)

[proteus]

this certificate is not from a trusted authority"
 ...
issued by:
common name: RapidSSL CA
organization: GeoTrust, Inc.

OK, Now I understand the issue. SSL certificates are issued by Certificate Authorities (like VeriSign). Browsers ship with the Root Certificates for dozens of common CAs, which means your browser will trust certificates issued by those CAs by default.

The CA we use is RapidSSL; 99% of browsers trust RapidSSL, but it seems that your phone doesn't by default.  What make and model of phone are you using, and what browser (include version, please)?  There are generally settings in the browser that allow you to add CA certificates and/or trust Brass Goggles' certificate.

You can try accessing the intermediate CA certificate – clicking that should cause your browser to ask to install/trust that certificate. If you do so and then restart the browser, you shouldn't get that error anymore.

[robotmastern]

Nope clicking the link just lead me to a page of text. And my phone did not give me any prompt
Heck I don't even see an option for changing security settings or anything about certificates in my settings menu. I'm using a first gen motorola droid. Android 2.2.3.  And the default browser version 2.2.3

[Major Willoughby Chase]

What build number is your droid on?  They released some security certificate updates with the recent build number FRK76

[robotmastern]

it is using frk76

[Major Willoughby Chase]

Bugger.

[proteus]

Confirmed that you don't have the CA certificates for RapidSSL on your browser. You can use this online droidCert tool to add CA certificates; just use the CA cert URL I provided in the 'URL' field.

I haven't tested this, but an acquaintance claims it works.

[robotmastern]

Yes this seams to have fixed it I just saw the warning again so.that didn't work i guess