
err_cert_authority_invalid - self signed CA is invalid on android, but works on PC


I'm testing an HTTPS web server and have an issue while trying to access it from my Android phone.

  • software used: Google Chrome and a version of the site wrapped in a WebView;
  • devices: Google Pixel 3a running Android 10, Android Studio emulator w/ Android 8.

Steps performed:

  1. Using this script: Getting Chrome to accept self-signed localhost certificate, I generated certs and keys for my server to access it via IP: 192.168.0.101 (in the script, I replaced the DNS alt_name with the IP);

  2. Ran a golang (also tried nodejs) webserver with the following cert/key pair: http.ListenAndServeTLS("192.168.0.101:8443", "/home/username/ssl/192.168.0.101.crt", "/home/username/ssl/192.168.0.101.key", router)

  3. Added myCA.pem as the trusted authority in desktop Google Chrome and it works;

  4. Added the same myCA.pem as the trusted authority in the Android cert storage, tried to reboot Chrome/device but it's still invalid.

Not sure if it is important, but this is how it looks on PC

And on Android phone under User tab in Trusted Credentials


Solution

  • Feels like I did something wrong with the Server Cert (but the error referred to the CA) and/or the CA, and I have no idea why it worked on PC.

    I have recreated all certs with the following settings:

    CN=localhost
    [alt_names]
    IP.1=127.0.0.1
    IP.2=192.168.0.101
    IP.3=<external_ip_here_to_check_from_the_web>
    

    And it works fine on both platforms.
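
Added example, not part of the original question or answer: a Go check that a server certificate with CN=localhost and IP subjectAltName entries chains to a private CA and is accepted for a given address. The helper names (must, issue, Check) are made up for this sketch, and the CA and certificate are throwaway ones generated in memory rather than the poster's files.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T { // abort on error; acceptable for constructed test data
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs a certificate for cn with the given IP SANs; a nil parent makes it a self-signed CA.
func issue(cn string, ips []net.IP, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IPAddresses: ips,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.KeyUsage = true, x509.KeyUsageCertSign
		parent, signer = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// Check builds a throwaway CA and a server certificate (CN=localhost) whose SAN lists sanIPs,
// then reports whether a client trusting only that CA accepts the certificate for host.
func Check(host string, sanIPs ...net.IP) error {
	ca, caKey := issue("myCA", nil, nil, nil)
	leaf, _ := issue("localhost", sanIPs, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	san := []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.0.101")}
	fmt.Println(Check("192.168.0.101", san...), Check("192.168.0.102", san...))
}
```

Go's verifier matches the requested host only against SAN entries, so in this sketch "localhost" is rejected even though it is the CN, while both listed IPs are accepted.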