Collect not working due to SSL error

Dear Yaw,

I've now uploaded the XForm. I had to download the then use it to convert.
Thanks for the lift

Now I'm having issues connecting my android device to the server. Each time I try to "Get Blank Form" from the server it reads an error message as filows;

Form listing failed Error.
CertPathValidationException: Trust anchor for certification path not found. while accessing server

I'm using ODK Collect v1.15.1. I wonder if it's an issue of version


Also I'm using Samsung Galaxi Note 10.1 tablet (Android version 4.1.2)
I already downloaded and submitted forms to server using HUAWEI and ODK Collect 1.12.2

CertPathValidationException usually happens if you are trying to connect to a server via HTTPS, but something has gone wrong.

Check the URL are you connecting to the server with. If you did not install an SSL certificate, that URL should start with http, not https (e.g., If you did install an SSL cert, go to and make sure the install is valid.

Dear Yaw,
The tablet reads "Can't establish a secure connection" to the ssl checker but checking with my PC, the server has a valid ssl cert and has been set to accept all domain names.

Looking at the device settings CAs, the ssl cert provider has been checked as one of the trusted credentials. I have only been able to log into the server using the device but with a warning that there are problems with the security certificate of the site.

It is clear that the issue is around https with this android. What do I need to do if I have to establish a secured connection with HTTPS?


The short answer is that Android 4.1.2 is 6 years old. If you can upgrade that device to a newer version of Android, that's what I'd recommend. If you can't, then use a cert from Let's Encrypt and it might work better.

As Yaw suggested, unless you do some fancy acrobotics, Android will typically check the certificate chain of whatever HTTPS server certificate it gets from ODK Aggregate, and will complain if it finds its a so-called 'self signed certificate'; which is the equivalent of the person presenting you a certificate verifying their identity happens the same person who issued themselves the certificate in the first place! (or "you can trust I'm Gareth because I told you so" :-).

You should probably get a real certificate issued from a well-known SSL cert agency, and go from there.

It's not always self-signed certs that trigger this problem. Sometimes, the device, often an older device, doesn't have the trusted root certs and so if you install a cert that doesn't have that root cert in the intermediates chain, SSL will not work.

The easiest way to verify this is to use Note that in the example below, the cert is trusted by all major browsers and the intermediates are installed correctly...

Thanks for the contribution. You are right


3 posts were split to a new topic: Form branching

And if cost is the issue for SSL certs, is free, easy, and reliable.