How to add TLS 1.0 and 1.2 certificate support in Ionic 3 - WinAcme --preferred-chain

How to add TLS 1.0 and 1.2 certificate support in Ionic 3

X.509 certificates (issued by Let's Encrypt) have no relationship with the TLS version and can be used with any version of TLS.

The TLS version is a question of library protocol support (which TLS library, which version...) on both client and server.

I do not recommend enabling TLS 1.0 (on either side), due to various vulnerabilities.

2 Likes

Is there any workaround for my app in ionic 3 (android 6) to accept the certificate?

Let's Encrypts current default chain should be compatible with Android 6 by default.

1 Like

The real question is: Does the Ionic 3 app support TLS 1.0?
[the cert can be used with any version of TLS]

Does Android 6 have support for TLS 1.2?

It does.

2 Likes

https://appmaua.qsti.com.br/

This site has certificate issues with Android 6.

I don't know what else to do, I've messed with the server settings and it didn't work.

The site currently sends the alternative certificate chain which is not Android pre-7.1.1 compatible:

---
Certificate chain
 0 s:CN = appmaua.qsti.com.br
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

For compatibility with Android versions before 7.1.1 you should use the default certificate chain.

2 Likes

How do I define the standard certification chain?

Can you help me?

could you give me an example of how to do this?

This is harder to do on windows, because windows builds the chain itself using its own trust store, rather than the chain you might prefer.

There's stuff you can do but the easiest thing is to try changing your certificate authority to ZeroSSL and see if that's compatible instead.

2 Likes