Dear Dhis2 Community i have been configuring SSL certificate for our dhis2 application but on the android version it refuses to connect
It says the Problem is with Server Certificate.
Hi @Dereje_Haddis,
this kind of errors are usually related to the SSL configuration in the server side. Android apps are a bit stricter than web apps when it comes to validate the SSL certificates. I was checking your instance url in online SSL checkers (such as SSL Geocerts Checker or SSL Shopper Checker and both of them say that the certificate is valid but the certificate chain is not complete.
This is something that must be modified in the server configuration (usually Nginx or Apache). Using the fullchain certificate should solve the issue. There was a similar issue some time ago regarding a Nginx server, maybe it could help you (API call threw SSLException).
Please let me know if it doesn’t solve the issue
2 Likes
Thanks @ Victor Garcia
I have checked with the SSL checker links you sent me
the result is this the on the web it works fine its not responding only in android app
Yes, the Android app is bit more demanding than web browsers when it comes to validate the certificate. Do you see the error in the screenshot you shared, the one saying “Certificate Chain Complete?”? It means that the certificate chain is not provided in the server.
Web browsers will usually get this chain by other means, but it might happen that some browsers won’t work properly, it depends on the browser. Other tools such as “curl” won’t work propertly (I have just tested myself with you url). And the DHIS2 Android app won’t work either.
I would recommend you to setup the certificate chain in your server to be safe with any tool you use to access the server. It usually involves changing just a few lines in Nginx or Apache configuration.
1 Like
Hello @ vgarciabnz i have .pfx and .crt file how can i locate in Apache configuration file
The first think I would try to figure out is if the “.crt” file contains the full chain. If so, you can set the path for SSLCerticateFile or SSLCertificateChainFile (depending on Apache version mod_ssl - Apache HTTP Server Version 2.4). If not, you would need the full chain cert.
But maybe someone else can help here, I am not very familiar with Apache configuration.
Still the Error Persists My Android Dhis2 is not connecting i have added the .crt file paths in the Apache24 located in my C: drive
httpd config file
but not succeeded
1 Like
I have checked the url using some SSL checkers and the error is still there. Did you reload the apache server to pick up the new configuration? Maybe there is something else missing in the configuration. Sorry. I am not an Apache expert and can’t help so much here.
1 Like
Atleast in my case when i added below line in the conf file this problem got solved. If it’s windows you have to edit the location accordingly
SSLCACertificateFile /etc/apache2/DigiCertCA.crt
1 Like
Hello @vgarciabnz
Thanks for your information.
I faced the same issue and I use Nginx when I add the fullchain.pem file in the nginx.conf file. Here:
Once I replace that line for something like this:
ssl_certificate fullchain.pem;
The problem was solved.
1 Like