SSL Certificates / Trust Issues

A few users have recently had problems connecting to our servers via ODK collect.

WhatsApp Image 2017-09-12 at 09.46.11

The error mentions a CertPathValidatorException

This happened because we recently renewed the SSL certificate for ODK and our latest certificates use a different Certification Authority (CA) to the previous one. Most likely what was happening here was that the problem devices didn’t have the appropriate root CA installed and failed when trying to connect to the secure server.

 

The root certificate that is required is “QuoVadis Root CA 2 G3”.
To check if this is installed on an Android device, go to Settings / Security / Certificate management / Trusted Certificates / System and scroll down the list for the QuoVadis entries (the menu items here may be slightly different on different depending on the version of Android).

In short this can be fixed by visiting these links on the browser of your device. They should automatically be installed. If not they will be downloaded and  there should be an Install from storage (or similar) item under the same Certificate management part of the security options

Visit these URLs to get the certificates

http://www2.lshtm.ac.uk/QuoVadisOVRootCertificate.crt

http://www2.lshtm.ac.uk/QuoVadisOVIntermediateCertificate.crt

Comments are closed.