SSLPeerUnverifiedException

We've found some Android devices won't even trust a GeoTrust root -- so we
had to rig all of our GeoTrust certificates to chain back to an Equifax
root (which everybody seems to trust). It's a mess.

Best,

Chris

··· On Thu, Sep 11, 2014 at 9:48 AM, Yaw Anokwa wrote:

Aurelio,

The easy answer is to use GeoTrust certs or to chain your root cert to
something more widely available. You can also submit a patch.

https://code.google.com/p/opendatakit/issues/detail?id=1061 has the
issue. Star it to get updates. No ETA for a fix.

Yaw

Need ODK services? http://nafundi.com provides form design, server
setup, professional support, and software development for ODK.

--
You received this message because you are subscribed to the Google Groups
"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thanks Mitch and Tom. I will get in touch with GoDaddy to investigate
what i might have missed during certificate installation.

Regards,
Caesar

··· On 21/03/2015, Mitch Sundt wrote: > Agreed. > > Test with another PC/Mac first. > > Work with GoDaddy tech support to get to where you can connect to your > server from a wifi hotspot using an un-modified web browser on a client > computer (i.e., without installing or modifying the certificates on the > client computer). > > Then Test with the browser on your Android device. > > If those both work, then ODK Collect should work. > > If you are installing new root certificates on the devices, something is > wrong with the issuer of the SSL certificate. > > > > > > On Fri, Mar 20, 2015 at 5:33 AM, Tom Smyth wrote: > >> I'd recommend talking to GoDaddy support about this. >> >> On 20 March 2015 at 05:15, Caesar wrote: >> >>> Apologies, please find below the SSL test URLs that gave the issues >>> explained above. >>> >>> >>> 1. >>> >>> https://www.networking4all.com/en/support/tools/site+check/report/?fqdn=odk.kemri-wellcome.org&protocol=https >>> 2. >>> >>> https://www.sslshopper.com/ssl-checker.html#hostname=odk.kemri-wellcome.org >>> >>> regards, >>> >>> caesar >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups >>> "ODK Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an >>> email to opendatakit-developers+unsubscribe@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Tom Smyth >> >> Worker-Owner, Sassafras Tech Collective >> Specializing in innovative, usable tech for social change >> sassafras.coop *·* @sassafrastech >> >> Resident, Touchstone Cohousing >> touchstonecohousing.org >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ODK Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to opendatakit-developers+unsubscribe@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Mitch Sundt > Software Engineer > University of Washington > mitchellsundt@gmail.com > > -- > You received this message because you are subscribed to a topic in the > Google Groups "ODK Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/opendatakit-developers/IeepVIOJmiI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > opendatakit-developers+unsubscribe@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. >

Thanks Mitch and Tom. I will get in touch with GoDaddy
to investigate
what i might have missed during certificate installation.

My android and PC browsers do not complain but certificate issuer
details are not shown on checking the certificate details. Suspecting
this is where the issue lies.

Regards,
Caesar

··· On 21/03/2015, Mitch Sundt wrote: > Agreed. > > Test with another PC/Mac first. > > Work with GoDaddy tech support to get to where you can connect to your > server from a wifi hotspot using an un-modified web browser on a client > computer (i.e., without installing or modifying the certificates on the > client computer). > > Then Test with the browser on your Android device. > > If those both work, then ODK Collect should work. > > If you are installing new root certificates on the devices, something is > wrong with the issuer of the SSL certificate. > > > > > > On Fri, Mar 20, 2015 at 5:33 AM, Tom Smyth wrote: > >> I'd recommend talking to GoDaddy support about this. >> >> On 20 March 2015 at 05:15, Caesar wrote: >> >>> Apologies, please find below the SSL test URLs that gave the issues >>> explained above. >>> >>> >>> 1. >>> >>> https://www.networking4all.com/en/support/tools/site+check/report/?fqdn=odk.kemri-wellcome.org&protocol=https >>> 2. >>> >>> https://www.sslshopper.com/ssl-checker.html#hostname=odk.kemri-wellcome.org >>> >>> regards, >>> >>> caesar >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups >>> "ODK Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an >>> email to opendatakit-developers+unsubscribe@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Tom Smyth >> >> Worker-Owner, Sassafras Tech Collective >> Specializing in innovative, usable tech for social change >> sassafras.coop *·* @sassafrastech >> >> Resident, Touchstone Cohousing >> touchstonecohousing.org >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ODK Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to opendatakit-developers+unsubscribe@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Mitch Sundt > Software Engineer > University of Washington > mitchellsundt@gmail.com > > -- > You received this message because you are subscribed to a topic in the > Google Groups "ODK Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/opendatakit-developers/IeepVIOJmiI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > opendatakit-developers+unsubscribe@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. >

Chris,

Agreed. GeoTrust + Equifax is generally what we do for deployments.

Yaw

··· -- Need ODK services? http://nafundi.com provides form design, server setup, professional support, and software development for ODK.

On Thu, Sep 11, 2014 at 6:51 AM, Christopher Robert crobert@surveycto.com wrote:

We've found some Android devices won't even trust a GeoTrust root -- so we
had to rig all of our GeoTrust certificates to chain back to an Equifax root
(which everybody seems to trust). It's a mess.

Best,

Chris

On Thu, Sep 11, 2014 at 9:48 AM, Yaw Anokwa yanokwa@nafundi.com wrote:

Aurelio,

The easy answer is to use GeoTrust certs or to chain your root cert to
something more widely available. You can also submit a patch.

https://code.google.com/p/opendatakit/issues/detail?id=1061 has the
issue. Star it to get updates. No ETA for a fix.

Yaw

Need ODK services? http://nafundi.com provides form design, server
setup, professional support, and software development for ODK.

--
You received this message because you are subscribed to the Google Groups
"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

I do not think this requires a code change in Briefcase.

The problem is that your computer does not recognize/honor the root
certificate authority (CA) that issued your SSL certificate (GeoTrust?).

The solution is to add the root certificates for your CA to your local
computer's certificate store.

I believe that solution is described here:

http://technet.microsoft.com/en-us/library/cc754841.aspx

and perhaps in a less-techy more visual way, here:

http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx

Reboot after installing the CA certificates for GeoTrust (there are several
to obtain from here: https://www.geotrust.com/resources/root-certificates/
) -- or whatever your authority is -- BUT make sure you download these
from an https URL
-- downloading root certificates from an ordinary http:
link is absurdly dangerous; never do that!

Then, upon restart, ODK Briefcase should "just work."

··· On Thu, Sep 11, 2014 at 6:53 AM, Yaw Anokwa wrote:

Chris,

Agreed. GeoTrust + Equifax is generally what we do for deployments.

Yaw

Need ODK services? http://nafundi.com provides form design, server
setup, professional support, and software development for ODK.

On Thu, Sep 11, 2014 at 6:51 AM, Christopher Robert crobert@surveycto.com wrote:

We've found some Android devices won't even trust a GeoTrust root -- so
we
had to rig all of our GeoTrust certificates to chain back to an Equifax
root
(which everybody seems to trust). It's a mess.

Best,

Chris

On Thu, Sep 11, 2014 at 9:48 AM, Yaw Anokwa yanokwa@nafundi.com wrote:

Aurelio,

The easy answer is to use GeoTrust certs or to chain your root cert to
something more widely available. You can also submit a patch.

https://code.google.com/p/opendatakit/issues/detail?id=1061 has the
issue. Star it to get updates. No ETA for a fix.

Yaw

Need ODK services? http://nafundi.com provides form design, server
setup, professional support, and software development for ODK.

--
You received this message because you are subscribed to the Google
Groups

"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send
an

email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com