• Welcome to the all-new Android Central Forums! - We're still moving some things around, so you may see a few quirks here and there, but we're working on getting things fully completed as soon as possible. For now, take a look around, and if you run into any major issues please let us know in this thread!

Ehhhh.... CA/Certificate Issues (apparently new rev on app build tools)


New member
Nov 4, 2016
This one is a bit odd, and new.

It started with a recent update to Ghostery, which I accepted -- and was not concurrent with a system update.

When it finished I was unable to connect to a formerly-available page over https. The specifics are that the CA for the certificate the server uses is private, and loaded on the phone. It's valid, it verifies the certificate, and has been working for a couple of years across various phones and Android revs.

Suddenly, it stopped -- without any error message, just a blank screen.

As other updates rolled out this started happening with those that could connect to that same page but were also updated. Interestingly enough, Chrome is not impacted -- it works as before even though it too has been updated.

Eventually I loaded Firefox and determined that indeed the problem is that the app is completely ignoring all user-loaded CAs (intermediate and root) in the security store (!!)

Of note my BlackBerry DTEK60, which is on Android 6, is not impacted even though I updated its apps to the same revisions! This appears to be something local to V7 Android, and it also appears to be local to the API or runtime libraries linked with the app.

There doesn't appear to be a way to get around this. Of note about two years ago there was a developer note indicating that in order to read CAs out of the user store you had to declare that they were valid in your XML for the app. Exactly when that started being enforced and by what (e.g. version-specific, etc) I'm not sure, but it certainly wasn't a problem on 7.0 on the V20 until now -- and now it is. The app in question isn't one I have source for, so I can't tell if they've declared it as "acceptable" or not, and their "support" is less than helpful. But what I do know is that it's not limited to them -- Firefox has the same issue (but displays a warning and can be overridden) and a couple of other browsers on the Play Store also do the "no display, no error, just blank screen" thing.

Any ideas here folks? Other than screaming at the app developers I'm not sure where to go with this -- obviously I can't put a private CA in the system certificate store, since I can't write to it. The other end of the connection is an embedded system and having a public CA issue a certificate for it would be silly, never mind that in wider deployment that's an even bigger problem (since the certificate structure it uses is part of how it's licensing works.)