I used one of the helper apps someone put together to install a certificate on my IIS 8.0 platform and everything works great in all web browsers with the exception of my Samsung S5 running Android Lollipop. When my phone is connected to the Verizon network I get the following error in Google Chrome ERR_SSL_PROTOCOL_ERROR Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have. I tried using the Dolphin HD browser on my phone and it is also unable to connect though it does not give me as much information as Chrome Mobile does.
As soon as I connect to an xfinitywifi hotspot or any other wifi hotspot it works perfectly and I can connect to my website through HTTPS.
Some other notes from what I have tried.
I can connect to my site just fine from a computer that is using a Verizon FiOS business connection.
I tried disabling SSL 2.0 and 3.0 on my server through the registry edits shown on this website https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html
I enabled the wifi hotspot on my phone, and connected to it from a different computer. That computer is ALSO unable to connect to my site VIA HTTPS when on my hotspot connection.
I borrowed a co-workers Sprint Samsung S6 with all the latest updates and his phone cannot connect as well.
I checked my APN settings for a proxy server entry. I only have one APN and all of the settings are disabled, but the proxy server setting shows “Not Set”. So, I don’t believe there is a proxy.
My phone has the following certificate in the System store and it is enabled. “Digital Signature Trust Co.” DST Root CA X3
My phone is running the following version of Android LRX21T.G900VVRU2BOG5. Is there a way in IIS to specify what outgoing ports the secure connection should use after the connection is established on 443? I know with the FTP server this can be done, not sure about the web server.
I’m open to any and all advice as I really want to get some sort of secure service on my webserver but it just does not play nice with my phone and that is a critical aspect for me.