Tags: android, ssl, https, certificates, stunnel

Certificate issue: SSL page brings up "you need to set a lock screen pin or password before you can use credential storage" on Android


We've set up the certificates on our server and when requesting https://www.ourserver.org, Android (whatever the browser used) shows a little popup:

You need to set a lock screen pin or password 
before you can use credential storage

Which is wrong, it seems that the phone is trying to register that certificate..?

It happens only on Android so far; it's fine on iPhone and desktop browsers.

Our stunnel config:

[www.ourserver.org]
  cert = /etc/stunnel/certs/www.ourserver.org.crt
  key = /etc/stunnel/keys/www.ourserver.org.key
  CAfile = /etc/stunnel/certs/www.ourserver.org.intermediate.crt
  accept  = 10.10.54.2:9443
  connect = 10.10.54.2:9444
  verify=1
  xforwardedfor = yes
  TIMEOUTclose = 0

The cert file is issued by RapidSSL. The intermediate CAfile contains both: the intermediate certificate first and then the cert certificate.

Any idea what went wrong in our certificate config?

If I go through the process of securing my phone with a lock screen, accessing the same page then shows:

No certificates found

The app Chrome has requested a certificate. 
Choosing a certificate will let the app use this 
identity with servers now and in the future. The 
app has identified the requesting server as (...), 
but you should only give the app access to the 
certificate if you trust the app. You can install 
certificates from a PKCS#12 file with a .pfx or a 
.p12 extension located in external storage.

Solution

  • It's not an Android/Chrome issue. The problem came from the fact that the server was requesting a certificate from the client. For Apache, add/change the following parameter in your conf or in your sites definition:

    SSLVerifyClient none
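
The same diagnosis applied to the stunnel configuration in the question, as an added example that is not part of the original post: in server mode, stunnel's `verify` option (and its newer `verifyChain` / `verifyPeer` forms) makes the server ask the client for a certificate, which is what triggers Android's credential-storage prompt. The function names are hypothetical, and the script assumes that options set before the first `[section]` act as defaults for every service.

```python
# Service section from the question, embedded as sample input.
SAMPLE_CONF = """\
[www.ourserver.org]
  cert = /etc/stunnel/certs/www.ourserver.org.crt
  key = /etc/stunnel/keys/www.ourserver.org.key
  CAfile = /etc/stunnel/certs/www.ourserver.org.intermediate.crt
  accept  = 10.10.54.2:9443
  connect = 10.10.54.2:9444
  verify=1
  xforwardedfor = yes
  TIMEOUTclose = 0
"""

def parse_stunnel_conf(text):
    """Map section name -> {lowercased option: value}; '' holds global options."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def client_cert_requests(text):
    """Return {service: [options]} for server-mode services that ask clients for a cert."""
    sections = parse_stunnel_conf(text)
    findings = {}
    for name, opts in sections.items():
        if not name:
            continue
        eff = {**sections[""], **opts}            # assumption: global values act as defaults
        if eff.get("client", "no").lower() == "yes":
            continue                              # client mode: options check the server's cert
        hits = ["verify = " + eff["verify"]] if "verify" in eff else []
        hits += [f"{k} = yes" for k in ("verifychain", "verifypeer")
                 if eff.get(k, "no").lower() == "yes"]
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    for service, hits in client_cert_requests(SAMPLE_CONF).items():
        print(f"[{service}] requests a client certificate: {', '.join(hits)}")
```

A service that is meant to serve ordinary browsers should produce no findings; one that intentionally uses mutual TLS will be listed and can be ignored.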