Adobe Connect User Community

#1 2012-08-24 16:23:07

**_iangoh_**

Adobe Connect Mobile 2.0.4 (Android) "certificate error"

I just tried the Connect Mobile 2.0.4 on Android (Nexus7/4.1).  Our self-hosted connect server is SSLed (2048bit, with a GeoTrust SSL CA).  When I try to connect to the meeting room, I get a "certificate error".

There is an intermediate cert (Geotrust SSL CA), so I have tried adding the Geotrust "GT_True_BusinessID_and_Enterprise_SSL_Intermediate_bundle" .cer to my Nexus7 (using the steps at http://www.nexus7tablethelp.com/2012/07 … exus.html).  It did not seem to help.

I do not have problems using the iOS Connect Mobile 2.x to get to our connect server.
And Android's Chrome doesn't have an issue either (green lock).

On using WireShark to view the traffic between the device and the server, it is trying to do a TLSv1.0 handshake, but they never get to Client Key Exchange.

Any other ideas?  Are there limits to the SSL implementation?

Thanks!

- Ian

Last edited by **_iangoh_** (2012-08-24 16:28:37)


#2 2012-08-27 12:51:42

**_praha_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

I understand you did not have any issue connecting to the meeting room on iOS, but is it possible to install the intermediate certificate on the server side?


#3 2012-08-27 12:54:02

**_praha_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

Also, if the device isn't authenticated to a wi-fi network that requires SSL, the 'certificate error' message may display on the device, but I'm not suggesting that your Nexus 7 was not connected to the wi-fi network.


#4 2012-08-27 12:54:59

**_iangoh_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

Thanks Praha, I will ask our Connect admin to look at it.


#5 2012-08-28 10:06:22

**_iangoh_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

Dear Praha,

I did ask our Adobe Connect admin, and he confirmed the intermediate cert was installed.  He suggested I install all three certs (GeoTrustGlobalCA, GeoTrustSSLCA (which is the intermediate), and our connectserver).  I exported them via Firefox (x509 Certificate PEM), gave them .cer file extensions, and imported them into the Nexus7.  While they all "imported", only the GeoTrustSSLCA actually appears in the Settings > Security > Trusted Credentials > "User" section.

I then tried my meeting url, with the same results "certificate error".

Yours,

- Ian

Last edited by **_iangoh_** (2012-08-28 10:06:50)


#6 2012-08-28 14:23:48

**_praha_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

@iangoh: can we take this offline? I'd like to work directly with you and I may need additional info. You can email me at mhuynh@adobe.com.


#7 2012-08-29 15:35:07

**_iangoh_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

Just to close the loop on this.  We figured out what was wrong in our instance.

In our Apache 2.2.x config we were using IP-based virtual hosts (http://httpd.apache.org/docs/2.2/vhosts/ip-based.html).

When looking at the packet traffic between the client and the server, we noticed a warning was sent:

`Alert (Level: Warning, Description: Unrecognized Name), Server Hello`

And this led us to look at Server Name Indication (http://en.wikipedia.org/wiki/Server_Name_Indication)

We tried explicitly setting "ServerName connect.server.fqdn" in the VirtualHost section. e.g.,

```
<VirtualHost 123.456.789.10:443>
:
ServerName connect.server.fqdn
:
</VirtualHost>
```

and were able to get into the meeting room from the Android app.

While iOS Connect Mobile app handled the lack of explicit SNI correctly, it looks like Android Connect Mobile app did not. [updated - not to blame android itself]

Last edited by **_iangoh_** (2012-08-29 16:02:48)
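
The warning described in post #7 can be picked out of a capture mechanically. The following is an added example, not code from the thread or from Adobe: a Python parser over the server's plaintext TLS records that flags an `unrecognized_name` alert (description 112, RFC 6066) and whether a ServerHello followed it. The function names and the sample byte strings are constructed for illustration.

```python
import struct

ALERT, HANDSHAKE = 21, 22      # TLS record content types
WARNING, FATAL = 1, 2          # alert levels
UNRECOGNIZED_NAME = 112        # alert description defined with SNI (RFC 6066)
SERVER_HELLO = 2               # handshake message type

def parse_records(stream: bytes):
    """Yield (content_type, version, payload) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, ver, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5: off + 5 + length]
        if len(payload) < length:   # truncated capture: stop rather than guess
            break
        yield ctype, ver, payload
        off += 5 + length

def sni_events(stream: bytes):
    """Return (alert_level or None, True if a ServerHello came after the alert)."""
    alert_level, hello_after = None, False
    for ctype, _ver, payload in parse_records(stream):
        if ctype == ALERT and len(payload) == 2 and payload[1] == UNRECOGNIZED_NAME:
            alert_level = payload[0]
        elif ctype == HANDSHAKE and payload[:1] == bytes([SERVER_HELLO]):
            hello_after = alert_level is not None
    return alert_level, hello_after

def diagnose(stream: bytes) -> str:
    level, hello_after = sni_events(stream)
    if level is None:
        return "no-sni-alert"
    if level == FATAL:
        return "sni-mismatch-fatal"
    # Server warned but kept going; a client that aborts here never sends
    # Client Key Exchange, which matches the symptom in the thread.
    return "sni-mismatch-warning" if hello_after else "sni-warning-no-hello"

def record(ctype: int, payload: bytes, version: int = 0x0301) -> bytes:
    """Build one TLS record (TLS 1.0 version bytes by default)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

# Constructed samples: a dummy 38-byte ServerHello body, not a real capture.
_hello = bytes([SERVER_HELLO]) + (38).to_bytes(3, "big") + bytes(38)
SAMPLE_MISMATCH = record(ALERT, bytes([WARNING, UNRECOGNIZED_NAME])) + record(HANDSHAKE, _hello)
SAMPLE_CLEAN = record(HANDSHAKE, _hello)

if __name__ == "__main__":
    print(diagnose(SAMPLE_MISMATCH), diagnose(SAMPLE_CLEAN))
```

The parser only sees alerts sent before encryption starts, which is where this one occurs: the server emits it in response to the ClientHello.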


#8 2012-08-29 16:58:00

**_iangoh_**

Re: Adobe Connect Mobile 2.0.4 (Android) "certificate error"

Also, cert-checking sites gave some different results:

* http://www.digicert.com/help/ (and I think I checked geotrust) - said our cert was fine
* http://www.sslshopper.com/ssl-checker.html - said there was an issue with our cert (but not explicitly what/how to fix the issue)

