Let's Encrypt cert not trusted by Android

Moonlighter · April 7, 2018, 12:30pm

Hello,

So here is my problem, I have a certificate for my site, for the site I use the pem files, however, I have certain software running that requires a .pfx file so i converted the pem files to pfx with open SSL. When I open the site software that uses the .pfx file in a browser (either on Chrome on Android, or in Firefox on my desktop) the cert is trusted, however when I connect with an app to the site, the following information appears in the log:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

So it seems Android itself does not trust the certificate,

I hope my story is clear and somebody can help me,

Thanks in advance!

Ronald

Rip · April 7, 2018, 3:55pm

Hi @Moonlighter …
Can you give us your domain name so we can be more efficient in providing help for you?

There is some relevant info on the stack. Please take a look at:

Trust Anchor not found for Android SSL Connection

Rip

sahsanu · April 7, 2018, 4:01pm

Hi @Moonlighter,

How did you convert the certificate to pfx?. You should include the fullchain.pem (it includes your cert and the intermediate cert), something like this:

openssl pkcs12 -export -out certificate.pfx -inkey /etc/letsencrypt/live/yourdomain.tld/privkey.pem -in /etc/letsencrypt/live/yourdomain.tld/fullchain.pem

Above command will ask for a password.

Hope this helps.

Cheers,
sahsanu

Moonlighter · April 7, 2018, 10:50pm

@sahsanu @Rip

Thanks for the replies! You where right sahsanu, I forgot to include the > fullchain.pem.
Was automating some things in bash because I’m following a course in programming in R, so I thought I can use this for more, but in my haste forgot the include the > fullchain.pem

Thanks again, working like a charm right now!

Moonlighter

system · May 7, 2018, 10:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.