ServiceNow Mobile App SSL Certificate Error - Android

Ant1
Giga Guru

We've just updated our SSO IDP in ServiceNow and now I've noticed that when trying to access ServiceNow via the Android mobile app, I'm getting an error. The error reads "SSL Certificate Error. Certificate authority not trusted." On our previous SSO configuration, my mobile app was working without issues. So far I've noticed this just for myself, and my colleague, who is also on Android, is not receiving the same error. He is able to log in just fine via our new IDP. I've uninstalled the app completely and reinstalled and I am still having the same issue. All of our instances have been migrated to our new IDP and I cannot connect to any of them via the app. Access through desktops and via browser on the phone works, however.

Thanks,

Anthony A.

1 ACCEPTED SOLUTION

vab_13
ServiceNow Employee

The problem is with the IDP certificate (i.e. ADFS server) which might not be trusted on Android because the intermediate certificate might be missing.

Android is more strict than the others like iOS, MS Windows.

You might need to contact your IDP (or ADFS admin) to fix the certificate problem.



Helpful links:

http://stackoverflow.com/questions/13862908/ssl-certificate-is-not-trusted-on-mobile-only

http://serverfault.com/questions/620544/why-does-android-chrome-say-my-sites-security-certificate-is...

A certificate can contain a special Authority Information Access extension (RFC-3280) with a URL to the issuer's certificate. Most browsers can use the AIA extension to download the missing intermediate certificate to complete the certificate chain. But some clients (mobile browsers, OpenSSL) don't support this extension, so they report such a certificate as untrusted.

You can solve the incomplete certificate chain issue manually by concatenating all certificates from the certificate to the trusted root certificate (exclusive, in this order), to prevent such issues. Note, the trusted root certificate should not be there, as it is already included in the system's root certificate store.

You should be able to fetch intermediate certificates from the issuer and concat them together by yourself. I have written a script to automate the procedure; it loops over the AIA extension to produce output of correctly chained certificates. https://github.com/zakjan/cert-chain-resolver
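
The failure and the fix described in this answer, reproduced offline with the openssl CLI (an added example, not part of the original post and not code from cert-chain-resolver). The three-tier PKI, all names and the helper functions are constructed for illustration; `openssl verify` stands in for a client that does not fetch missing intermediates via AIA.

```bash
#!/bin/sh
# Constructed three-tier PKI (root -> intermediate -> leaf); every name is made up.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF

new_csr() {  # new_csr <name> <CN>  ->  <name>.key, <name>.csr
  openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
sign() {     # sign <name> <issuer> <extension section>  ->  <name>.pem
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -extfile pki.cnf -extensions "$3" -days 30 -out "$1.pem" 2>/dev/null
}

# The self-signed root plays the role of the device's trust store.
openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions v3_ca \
  -subj "/CN=Constructed Root CA" -days 30 -keyout root.key -out root.pem 2>/dev/null
new_csr inter "Constructed Intermediate CA" && sign inter root v3_ca
new_csr leaf "idp.example.test" && sign leaf inter v3_leaf

# The bundle the server should present: leaf first, then the intermediate,
# root left out because the client already has it.
cat leaf.pem inter.pem > fullchain.pem

# client_trusts <leaf> [<certs the server sent>]: verify like a client that
# does not follow AIA, using only what it was sent plus root.pem.
client_trusts() {
  if [ $# -gt 1 ]; then
    openssl verify -CAfile root.pem -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile root.pem "$1" >/dev/null 2>&1
  fi
}

client_trusts leaf.pem \
  && echo "leaf only: trusted" || echo "leaf only: NOT trusted"
client_trusts leaf.pem fullchain.pem \
  && echo "leaf + intermediate: trusted" || echo "leaf + intermediate: NOT trusted"
```

Against a real IdP, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.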


6 REPLIES

Aditya Telideva
ServiceNow Employee

Hi Anthony,


The problem is with the certificate of the ADFS server, which was not trusted on Android as the intermediate certificate was missing. (Android seems to be more strict than the others like iOS, MS Windows.) Needed to contact the ADFS admin to fix the certificate problem.



Please see the links below for more information:



http://stackoverflow.com/questions/13862908/ssl-certificate-is-not-trusted-on-mobile-only



http://serverfault.com/questions/620544/why-does-android-chrome-say-my-sites-security-certificate-is...



Hope this helps anyone who is experiencing the same thing. Mark your feedback (Like or Helpful or Correct) as per the impact of my response.


Thanks,


Adi


Ant1
Giga Guru

Thank you both for the input, and we will investigate this further. However, how is it that it works for some Android devices and not others?



Thanks,


Anthony


vondes
Kilo Contributor

The same problem I have with https://mobile-phone-tracker.org/ mobile recorder on Android, can you help me?