Was doing a training on our current project today, and couldn’t load the CHT app on Android.
We renewed our SSL certificates, which are attached to the JKUAT domain and subdomains, and worked well on the web browser and we can access the CHT application.
Configuring the Medic Android app by sharing our test server URL gives the error, “Unable to contact server”.
I share our SSL browser settings, please review and advise.
@oyierphil - This looks to be a public instance - would you mind sharing the URL? We can then debug the server to see if it is configured correctly from a TLS perspective.
Without knowing more, I would guess that maybe you didn’t load all the correct certificates such that the TLS chain doesn’t validate? This can cause desktop browsers to work but Android clients to fail (often cht-conf as well). You can check this thread for more information.
openssl s_client -connect test-dharc.jkuat.ac.ke:443
CONNECTED(00000003)
depth=0 C = KE, ST = Nairobi City, O = KENET, CN = *.jkuat.ac.ke
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = KE, ST = Nairobi City, O = KENET, CN = *.jkuat.ac.ke
verify error:num=21:unable to verify the first certificate
verify return:1
The easiest way to fix this is to ensure you have the latest private key in one file (default.key) and then concatenate your primary certificate followed by any intermediate chain certificates into the certificate file (default.crt). You should be able to download these from your certificate authority (CA), which looks to be Sectigo Limited.
After you have installed the key and certs and restarted nginx, test it with SSL Labs and curl per above.
Best of luck!
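One way to check the files described above before restarting nginx, as an added example that is not part of the original post: it confirms that default.key belongs to the first certificate in default.crt and that the bundle verifies using only the certificates it contains. The function names, the root-certificate argument and the throwaway PKI built by make_demo_pki are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Checks a key/cert pair laid out as the
# post describes: default.key, and default.crt = primary cert + intermediate(s).

# make_demo_pki DIR: constructed throwaway root -> intermediate -> leaf.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=cht.example.test" \
    -keyout "$d/default.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# count_certs BUNDLE: number of PEM certificates in the file.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# key_matches KEY CERT: the private key must pair with the FIRST cert in CERT.
key_matches() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# chain_verifies ROOT BUNDLE: verify the first cert in BUNDLE against ROOT,
# using only the other certs in BUNDLE as intermediates, i.e. only what the
# server itself would send. A leaf-only bundle fails here with error 20.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Usage: sh check_chain.sh default.key default.crt ca-root.pem
if [ "$#" -eq 3 ]; then
  key_matches "$1" "$2" || { echo "FAIL: key does not match first cert"; exit 1; }
  chain_verifies "$3" "$2" || { echo "FAIL: chain incomplete, add intermediates"; exit 1; }
  echo "OK: $(count_certs "$2") certificate(s), key matches, chain verifies"
fi
```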
Joined the primary SSL certificate with the intermediate and now we can access the app from the Medic Android, thank you for always being there.
Super - that’s great news! Thanks for reporting back about your success @oyierphil.