SMP 3.0: Agentry "SSL Signature Verification Failure" on Android
We have set up SMP 3.0 for our test environment in a clustered architecture.
Our two SMP servers are located in our internal network, and we have configured NGINX on two load-balanced servers in the DMZ.
We have created a public DNS name for accessing our hardware network Load Balancer, which balances the 2 NGINX servers.
The DNS name responds on standard https port 443, and the SSL certificate has been signed by GlobalSign.
I have deployed a dummy Agentry Application to perform a connect test to verify connection to the SMP.
This has been tested successfully on my PC using the ATE, ensuring I am using the external IP of the load balancer via an entry in my host file.
When testing via Android I get the error "SSL Signature Verification Failure".
However, testing in Chrome, I see the response "I am here!" from the SMP, and the certificate validates successfully, meaning our certificate has been properly signed.
In Android I have tested with Agentry clients of versions 70.5.3 and 70.5.6.
Does anybody have any clues what I am missing?
Søren Hansen replied
We have now found a proper workaround, but in my view it is a bug in the Agentry client for Android.
In our case our server certificate is signed by an intermediate domain certificate, which again is signed by the root certificate of GlobalSign.
In Windows and iOS, trust can (apparently) be established if any member in the trust chain is trusted (in our case this is the Root certificate).
But in Android the signing certificate must be trusted to establish trust. In our case the intermediate certificate is the signing certificate which is not trusted directly by default.
If the intermediate certificate is installed in Android as a User certificate, then trust is established and the Agentry client will work.
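
The chain behaviour described in the reply can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original thread: it builds a constructed root, intermediate and server certificate (all names made up) and verifies the server certificate as a client that trusts only the root, with and without the intermediate available. The `presented` view, where the intermediate arrives as untrusted chain material alongside the server certificate, is an assumption added for comparison; the thread does not say what the NGINX servers send.

```shell
#!/bin/sh
# Constructed demo PKI (all names made up): root CA -> intermediate CA -> server.
make_chain() {  # $1 = empty working directory
  dir=$1
  cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$dir/demo.cnf" \
    -extensions v3_ca -subj "/CN=Demo Root CA" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
    -subj "/CN=Demo Intermediate CA" \
    -keyout "$dir/inter.key" -out "$dir/inter.csr" 2>/dev/null
  openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -set_serial 2 -days 2 -extfile "$dir/demo.cnf" -extensions v3_ca \
    -out "$dir/inter.pem" 2>/dev/null
  # Server certificate, signed by the intermediate (the situation in the reply).
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
    -subj "/CN=smp.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/inter.pem" -CAkey "$dir/inter.key" \
    -set_serial 3 -days 2 -out "$dir/server.pem" 2>/dev/null
}
# check DIR VIEW: validate server.pem as a client with that view would.
#   root-only  trusts the root, has only the server certificate
#   presented  trusts the root, intermediate supplied as untrusted chain material
#   installed  trusts root and intermediate (the workaround in the reply)
check() {
  case $2 in
    root-only) openssl verify -CAfile "$1/root.pem" "$1/server.pem" ;;
    presented) openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/server.pem" ;;
    installed) cat "$1/root.pem" "$1/inter.pem" > "$1/trust.pem"
               openssl verify -CAfile "$1/trust.pem" "$1/server.pem" ;;
    *) return 2 ;;
  esac >/dev/null 2>&1
}
work=$(mktemp -d) && make_chain "$work"
for view in root-only presented installed; do
  if check "$work" "$view"; then echo "$view: chain verified"
  else echo "$view: verification failed"; fi
done
```

Only the `root-only` view fails, so a client that trusts just the root needs the intermediate from somewhere to build the chain.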