Hello rg305,
Followed instructions mentioned in the article and downloaded ISRG Root X1.der and installed certificate with default settings and rebooted. It looks like problem is fixed for Android 7.0.
However few strange things were observed.
In first attempt of ISRG Root X1 certificate installation, it did not fixed the problem so made two more attempts, rebooted and started seeing changes on few sites.
Chrome browser on android 7.0 was intermittently showing site secured and unsecured when refreshed.
After few 30 minutes, it is identifying certificate for sites but can not trust that it will stay as is for long. I will monitor sites for few more days and hope it will not repeat again.
I have few more questions.
-
There are two sets of certificates for each site. One set certificate name begins with [IIS] and another set certificate name begins with [Manual]. All sites are now assigned certificates whose name begins with [Manual] I guess certificates starting with [IIS] should now be removed to keep certificate list organized. What do you think. Is this good idea?
-
IIS server has feature called "Automatic Rebind of Renewed Certificate". I guess it would be good to keep this feature turned on. Any suggestion?