SSL problems on Android (Intermediate Certificate)

amazon ec2amazon-beanstalkandroidsslssl-certificate

My site works well on every browser and device, except on Android, where it throws a security exception. I already installed my SSL certificate on my Amazon Elastic Beanstalk instance (by installing the certificate on the load balancer).

It seems that I can be falling on the following case:

http://blog.michaelfmcnamara.com/2011/07/googleandroid-root-and-intermediate-certificate-issues/

It seems that I have to install a intermediate certificate.

Can anyone help me with that? I dont really know what it means

Best Answer

Concatenate the files provided manually, in the following order:

site.com.crt
intermediate.crt (one or more, the order of these doesn't matter)
ROOT.crt

you can do this from a shell with the cat command

cat site.com intermediate.crt ROOT.crt > site.chain.pem

or copy/paste them, no whitespace between, make sure certificates are on different lines

-----BEGIN CERTIFICATE-----
site cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root cert
-----END CERTIFICATE-----

If you don't have the root, concatenate the site cert with the intermediates, without root the cert. Such as:

-----BEGIN CERTIFICATE-----
site cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate cert
-----END CERTIFICATE-----

How do I Install Intermediate Certificates (in AWS)?

Related Solutions

Amazon ELB – How to Install a Thawte SSL Certificate

Certificate name is your choice - it is just to identify the certificate later
Private Key is the key (PEM, base-64) you generated when you created your CSR - you will copy and paste the entire file into the field, from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- (inclusive).
Public Key is the PEM encoded, based 64 verion of what obtained from Thawte (X.509). Copy the contents of the X.509 into a text editor (e.g. vi), save it with a .cer extension. Use OpenSSL to display it in the needed format:
```
openssl x509 -inform DER -in yourfilefromthawte.cer
```
Copy and paste the output from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- (inclusive) into the field.
Certificate Chain is the Thawte CA bundle that you can download from their site. For Thawte's SSL Web Server and Wildcard certificates (may be different if you have a different certificate type), their CA bundle is available from their site. (Download the 'Bundled CA version', it is already in PEM format, copy and paste the entire file (both certificates) into the field)

Check out this AWS thread for more information (although that is Verizon specific, the basic ideas apply).

AWS – How to Install Intermediate Certificates

concatenate the files provided manually, in the following order:

site.com.crt
intermediate.crt (one or more, the order of these doesn't matter)
ROOT.crt