Skip to Content

SMP 3.0: Agentry "SSL Signature Verification Failure" on Android



We have set up SMP 3.0 for our test environment in a clustered architecture.

Our two SMP servers are located in our internal network, and we have configured NGINX on two load balanced servers

in the DMZ.

We have created a public DNS name for accessing our hardware network Load Balancer, which balances the 2 NGINX servers.

The DNS name responds on standard https port 443, and the SSL certificate has been signed by GlobalSign.

I have deployed a dummy Agentry Application to perform a connect test to verify connection to the SMP.

This has been tested successfully on my PC using the ATE, ensuring I am using the external IP of the load balancer via an entry in my host file.


When testing via Android I get the error "SSL Signature Verification Failure".

However testing in Chrome, I see the response "I am here!" from the SMP, and the certificate validates succesfully, meaning our certificate has been properly signed.

In Android I have tested with Agentry clients of versions 70.5.3 and 70.5.6.

Does anybody have any clues what I am missing ?


Søren Hansen

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Jan 05, 2015 at 03:30 PM


    Let me add, that I have tested this on my iPhone (from external network), where the setup works fine.

    So clearly this is an Android issue.

    I appreciate any input on this.


    Søren Hansen

    Add a comment
    10|10000 characters needed characters exceeded

    • We have now found a proper workaround, but in my view it is a bug in the Agentry client for Android.

      In our case our server certificate is signed by an intermediate domain certificate, which again is signed by the root certificate of GlobalSign.

      In Windows and iOS, trust can (apparantly) be established if any member in the trust chain is trusted (in our case this is the Root certificate).

      But in Android the signing certificate must be trusted to establish trust. In our case the intermediate certificate is the signing certificate which is not trusted directly by default.


      If the intermediate certificate is installed in Android as a User certificate, then trust is established and the Agentry client will work.

      Søren Hansen

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.