I have a problem when an Android app tries to connect.
Background: The company I work with developed an app. When I tried it in a web browser I can see the certificate, but in the app I couldn't even log in. The iOS version is working fine, but the Android part is not.
I'm a Linux administrator btw, not a developer.
So, the developer said he tried OpenSSL on Ubuntu 16.04 LTS and got the error below:
$ **openssl s_client -connect somesite.com:443**
CONNECTED(00000003)
depth=0 C = bla bla, OU = Domain Control Validated, CN = *.domainname
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = bla bla, OU = Domain Control Validated, CN = *.domainname
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = bla bla, OU = Domain Control Validated, CN = *.domainname
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=bla bla /O=*.domainname /OU=Domain Control Validated/CN=*.domainname
i:/C=bla bla /O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tu\xC4\x9Fra Sertifikasyon Merkezi/CN=E-Tugra Domain Validated CA
---
Server certificate
-----BEGIN CERTIFICATE-----
encrypted thing here
-----END CERTIFICATE-----
subject=/C= again some values /O=*.domainname /OU=Domain Control Validated/CN=*.domainname
issuer=/C=Tagaing some values /O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tu\xC4\x9Fra Sertifikasyon Merkezi/CN=E-Tugra Domain Validated CA
---
No client certificate CA names sent
Server Temp Key: ... 521 bits
---
SSL handshake has read 2177 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: something
Session-ID-ctx:
Master-Key: something
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1515566541
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
And the ssl-conf:
$vi /etc/apache2/sites-enabled/default-ssl.conf
.
.
SSLCertificateFile /etc/ssl/certs/encomtr.cer
SSLCertificateKeyFile /etc/ssl/private/encomtr.key
SSLCACertificateFile /etc/ssl/certs/E-Tugra_Certification_Authority.pem
.
.
So, what am I missing here?
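
An added example, not part of the original post: a small parser for the `Certificate chain` block of `openssl s_client` output like the one above, reporting how many certificates the server sent and which issuer the client is left to find on its own. The sample text is constructed with placeholder names, and `parse_chain` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample in the shape of the s_client output above; names are placeholders.
SAMPLE = """\
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, CN = *.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.example.test
   i:/O=Example CA/CN=Example Domain Validated CA
---
Server certificate
subject=/OU=Domain Control Validated/CN=*.example.test
---
    Verify return code: 21 (unable to verify the first certificate)
---
"""

def parse_chain(text):
    """Return [(index, subject, issuer), ...] from the 'Certificate chain' block."""
    block = re.search(r"^Certificate chain\n(.*?)^---", text, re.M | re.S)
    if not block:
        return []
    pairs = re.findall(r"^\s*(\d+) s:(.*)\n\s*i:(.*)$", block.group(1), re.M)
    return [(int(n), s.strip(), i.strip()) for n, s, i in pairs]

def summarize(text):
    """Summarize what the server sent and what the client still has to supply."""
    chain = parse_chain(text)
    code = re.search(r"Verify return code: (\d+)", text)
    # Each certificate's issuer should be the subject of the next one sent.
    ordered = all(a[2] == b[1] for a, b in zip(chain, chain[1:]))
    last = chain[-1] if chain else None
    # Name comparison only: subject == issuer marks a self-issued (root) certificate.
    self_issued = bool(last) and last[1] == last[2]
    return {
        "certs_sent": len(chain),
        "ordered": ordered,
        "verify_code": int(code.group(1)) if code else None,
        # Issuer the server did not send; the client must already hold it.
        "issuer_not_sent": None if (not last or self_issued) else last[2],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
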