Android SSL: Fix “This site’s security certificate is not trusted” Message
“This site’s security is not trusted”. You have probably encountered this error message when browsing through the World Wide Web lately. Of course, this could be a concern especially if you are trying to purchase something online which requires that you provide some of your most private information including your credit card details.
You are not alone on this. In fact, a lot of web users would go in a panic mode after they see this message on a website, thinking that they have come across a virus or some harmful site. But such error is not only happening on a computer, for even mobile browsers, especially those with the Android operating system, will also get into this error. So read on to learn how to fix this kind of Android SSL error message.
Choosing your Certificate Authority Well
The error has something to do with the Certificate Authority used by the website. This is the reason why it is important that you choose the Certificate Authority well. Some services, such as the RapidSSL, are fairly new services and that is the reason why they are not yet trusted on any browser, including Android. Have you taken a look at GoDaddy? They have SSLs at great deals!
Although this is pretty much a legit service, they have been around for only a short time and are not yet as big as other certificate authorities and this is the reason why browsers that make use of RapidSSL would run into issues, such as the error message “this site’s security is not trusted”.
Setting Up a Certificate Chain through Heroku
If you are using RapidSSL, it would help if you install a set of intermediate certificates on your server, such as Heroku. This certificate chain will provide the authority that older browsers would need, including the Android mobile browser.
When setting up Heroku, you must first install a PEM file along with your certificate. Doing this will install the actual SSL along with the Rapid SSL bundle.pem file and it helps to verify everything within the SSL key of your web server.
Updating a Certificate Chain on Heroku
For those who have already installed the certificate, yet it needs to be updated the chain or with the certificate itself in order to prevent errors, simply run the “certs:update” instead of choosing “add”. When you do this, the app with the right cert and chain will be updated. Heroku will sometimes warn you that this can be destructive so it is important to make sure that you have the right cert lined up. You must then confirm the update and you will then see an instant trust on the site certificates of your website.
Sometimes, the Android SSL: Fix “This site’s security certificate is not trusted” error message will appear if you have an older version of certificate installed. It is therefore important that you install the latest version and to update your certificate from time to time. Remember that customers are often too concerned about frauds and identity theft so if they encounter a security error on your site, they will most likely leave instantly.
