PM85296: APP CENTER INSTALLER IN ANDROID ASKING FOR CERTIFICATE VERIFICATION OVER SSL.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • We are not able to install application center on Android (It
    asks
    for certificate confirmation and once we press continue it
    starts
    downloading with download notification but actually becomes
    unsuccessful)
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Users of Android mobile devices accessing the Application    *
    * Center on an SSL secured webserver.                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * 1) The Android default browser does not handle SSL           *
    * certificates correctly on download links. This defect is     *
    * outside of IBM's scope. The symptom is that the download of  *
    * the application starts but is never finished. The standard   *
    * workaround is to use Opera or Firefox instead.               *
    * 2) The installers.html page does not work in Opera and       *
    * Firefox browsers, since it is built on Dojo Mobile, and Dojo *
    * Mobile does not support those browsers. The symptom is that  *
    * the installers page remains empty in Opera and Firefox       *
    * browsers. The workaround for this is to use a simplified     *
    * inst.html instead of installers.html.                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When installing the Application Center on a web server that is
    configured with SLL, the installers page may not work on some
    Android devices. The origin of the problem is that those Android
    devices cannot handle the SSL certificate.
    
    SSL certificates are used to validate the webserver's identity.
    A web browser validates the certificate chain until it finds a
    certificate that is already known. The root certificates of the
    chain of all major certificate authorities are usually built
    into the browser. Unfortunately, the default Android browser in
    some earlier Android versions does not contain some root
    certificates (in particular the one from Thawte SSL; but the
    same effect can happen for other SSL certificates as well, as we
    don't have a complete list of all root certificates vs. Android
    versions).
    
    Normally, when a browser cannot validate an SSL certificate, it
    asks the user for confirmation about the untrusted web server.
    This also happens for self-signed certificates. However, the
    Android default browser has a bug that prevents it from asking
    the user when the link triggers a download. The bug is
    registered here:
    http://code.google.com/p/android/issues/detail?id=5851
    

Problem conclusion

  • An inst.html page was added and documented as a fallback
    solution for when users want to use Opera or Firefox.
    
    The fix for this APAR is currently targeted for inclusion in
    release 6.0.0.0.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM85296

  • Reported component name

    WORKLIGHT CONSU

  • Reported component ID

    5725I4301

  • Reported release

    505

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-03-21

  • Closed date

    2013-07-17

  • Last modified date

    2013-07-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WORKLIGHT CONSU

  • Fixed component ID

    5725I4301

Applicable component levels

  • R505 PSY

       UP

  • R506 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Worklight

Software version:

5.0.5

Reference #:

PM85296

Modified date:

2013-07-17

Translate my page

Machine Translation

Content navigation