cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SMP 3.0: Agentry "SSL Signature Verification Failure" on Android

Go to solution
Former Member

on ‎01-05-2015 12:53 PM

0 Kudos

All.

Background:

We have set up SMP 3.0 for our test environment in a clustered architecture.

Our two SMP servers are located in our internal network, and we have configured NGINX on two load balanced servers

in the DMZ.

We have created a public DNS name for accessing our hardware network Load Balancer, which balances the 2 NGINX servers.

The DNS name responds on standard https port 443, and the SSL certificate has been signed by GlobalSign.

I have deployed a dummy Agentry Application to perform a connect test to verify connection to the SMP.

This has been tested successfully on my PC using the ATE, ensuring I am using the external IP of the load balancer via an entry in my host file.

Problem:

When testing via Android I get the error "SSL Signature Verification Failure".

However testing in Chrome, I see the response "I am here!" from the SMP, and the certificate validates succesfully, meaning our certificate has been properly signed.

In Android I have tested with Agentry clients of versions 70.5.3 and 70.5.6.

Does anybody have any clues what I am missing ?

Thanks,

Søren Hansen

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-05-2015 3:30 PM
0 Kudos

All.

Let me add, that I have tested this on my iPhone (from external network), where the setup works fine.

So clearly this is an Android issue.

I appreciate any input on this.

Thanks.

Søren Hansen

Show replies
Show replies
kirankola
Advisor
Advisor
‎01-05-2015 3:35 PM
0 Kudos

Hi Soren,

Can you try reinstalling the client?

Regards,

Kiran

Former Member
‎01-05-2015 3:47 PM
0 Kudos

Hello Kiran.

I did try that. I first tested on client version 70.5.3, then deleted it and tried installing client version 70.5.6 (from newest SDK).

The result was the same.

Søren.

kirankola
Advisor
Advisor
‎01-05-2015 5:17 PM
0 Kudos

What happens when you connect directly to one of SMP Server without Nginx? assuming you will have SMP Server SSL cert on the device

Former Member
‎01-07-2015 3:46 PM
0 Kudos

We have now found a proper workaround, but in my view it is a bug in the Agentry client for Android.

In our case our server certificate is signed by an intermediate domain certificate, which again is signed by the root certificate of GlobalSign.

In Windows and iOS, trust can (apparantly) be established if any member in the trust chain is trusted (in our case this is the Root certificate).

But in Android the signing certificate must be trusted to establish trust. In our case the intermediate certificate is the signing certificate which is not trusted directly by default.

Solution:

If the intermediate certificate is installed in Android as a User certificate, then trust is established and the Agentry client will work.

Søren Hansen

Answers (0)

Ask a Question