SSL Certificate Issue in Dhis2 Android App

Dear Dhis2 Community i have been configuring SSL certificate for our dhis2 application but on the android version it refuses to connect

It says the Problem is with Server Certificate.


Hi @Dereje_Haddis,

this kind of errors are usually related to the SSL configuration in the server side. Android apps are a bit stricter than web apps when it comes to validate the SSL certificates. I was checking your instance url in online SSL checkers (such as SSL Geocerts Checker or SSL Shopper Checker and both of them say that the certificate is valid but the certificate chain is not complete.

This is something that must be modified in the server configuration (usually Nginx or Apache). Using the fullchain certificate should solve the issue. There was a similar issue some time ago regarding a Nginx server, maybe it could help you (API call threw SSLException).

Please let me know if it doesn’t solve the issue

1 Like

Thanks @ Victor Garcia
I have checked with the SSL checker links you sent me

the result is this the on the web it works fine its not responding only in android app

Yes, the Android app is bit more demanding than web browsers when it comes to validate the certificate. Do you see the error in the screenshot you shared, the one saying “Certificate Chain Complete?”? It means that the certificate chain is not provided in the server.

Web browsers will usually get this chain by other means, but it might happen that some browsers won’t work properly, it depends on the browser. Other tools such as “curl” won’t work propertly (I have just tested myself with you url). And the DHIS2 Android app won’t work either.

I would recommend you to setup the certificate chain in your server to be safe with any tool you use to access the server. It usually involves changing just a few lines in Nginx or Apache configuration.

1 Like

Hello @ vgarciabnz i have .pfx and .crt file how can i locate in Apache configuration file

The first think I would try to figure out is if the “.crt” file contains the full chain. If so, you can set the path for SSLCerticateFile or SSLCertificateChainFile (depending on Apache version mod_ssl - Apache HTTP Server Version 2.4). If not, you would need the full chain cert.

But maybe someone else can help here, I am not very familiar with Apache configuration.

Still the Error Persists My Android Dhis2 is not connecting i have added the .crt file paths in the Apache24 located in my C: drive


httpd config file
but not succeeded

1 Like

I have checked the url using some SSL checkers and the error is still there. Did you reload the apache server to pick up the new configuration? Maybe there is something else missing in the configuration. Sorry. I am not an Apache expert and can’t help so much here.

1 Like

Atleast in my case when i added below line in the conf file this problem got solved. If it’s windows you have to edit the location accordingly

SSLCACertificateFile /etc/apache2/DigiCertCA.crt

1 Like

Hello @vgarciabnz

Thanks for your information.
I faced the same issue and I use Nginx when I add the fullchain.pem file in the nginx.conf file. Here:

image

Once I replace that line for something like this:

ssl_certificate fullchain.pem;

The problem was solved.