"Client Certificate Requested" Error, When Opening Field Maps and Collector
Yesterday, I started to get this error on my Android phone. I have the latest Field Maps and Collector app and my Android is fully updated. Not sure why I got this error today, after never receiving it... I have attached the screenshot from my phone.
Accepted Solutions
I spent all morning dealing with this with Esri, an Esri partner we've contracted in the past who services Esri clients, a 3rd party vendor (who is also an Esri partner), and our IT department.
If you want the background to this here's an article describing what is happening: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
For an Android phone’s built-in browser, the list of trusted root certificates comes from the operating system — which is out of date on these older phones,” Let’s Encrypt explains. “However, Firefox is currently unique among browsers — it ships with its own list of trusted root certificates. This was a clue for us. Note the Sept 30th expiration.
Steps taken:
- This was only impacting our Android devices; all other access to Enterprise is fine. Esri verified the health of the system, certs etc. Determined was IT issue.
- Conferred with an Esri Partner that supports Esri client infrastructure & development and indicated several clients facing odd cert issues starting last night as well.
- Within the Android device, only mobile apps faced this cert issue: 3rd party app, Field Maps, Collector. See attached error messages.
- Using Chrome on the mobile device you could access the Portal site and authenticate just fine.
- Using the ‘default’ browser (in my case ‘Samsung Internet’) you could NOT access the site and a similar certificate error displayed.
- Tried installing Firefox app and making default in hopes that the apps would ‘look’ at the new Root certs but the behavior persisted.
- iOS devices are not impacted.
Current workaround (your experience will vary a bit depending on your android version(s) and what browser you use on your desktop; Firefox used here did not try with other browsers):
Manually install R3 cert to device
- From desktop: navigate to your portal URL and view, cert info click on padlock icon next to the portal URL
Click More Information
View Certificate
- Click the R3 tab and scroll down to 'Miscellaneous' and download PEM(cert)
- Get this to your Android device by your favorite means (email, file share, Drive, etc.)
- Back on Android device: Settings>Biometrics & security > Other security settings> Credential Storage Install from phone storage> (on my device i select CA certificate, on other tablets it didn't have an option but import worked as expected; I didn't need to supply a name but they did and named it something appropriate)> maybe a warning > install the thing >reboot > open app and see if error clears.
This fixed Collector and Field Maps but so far not the 3rd party Esri app. I expect this may have far reaching impacts for Esri Partner devs.
@Brooks_SummitGeo Thanks for the reply!
The certificate is valid, so I guess I will have to speak with our network services group to see if there was group policy changes.
I spent all morning dealing with this with Esri, an Esri partner we've contracted in the past who services Esri clients, a 3rd party vendor (who is also an Esri partner), and our IT department.
If you want the background to this here's an article describing what is happening: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
For an Android phone’s built-in browser, the list of trusted root certificates comes from the operating system — which is out of date on these older phones,” Let’s Encrypt explains. “However, Firefox is currently unique among browsers — it ships with its own list of trusted root certificates. This was a clue for us. Note the Sept 30th expiration.
Steps taken:
- This was only impacting our Android devices; all other access to Enterprise is fine. Esri verified the health of the system, certs etc. Determined was IT issue.
- Conferred with an Esri Partner that supports Esri client infrastructure & development and indicated several clients facing odd cert issues starting last night as well.
- Within the Android device, only mobile apps faced this cert issue: 3rd party app, Field Maps, Collector. See attached error messages.
- Using Chrome on the mobile device you could access the Portal site and authenticate just fine.
- Using the ‘default’ browser (in my case ‘Samsung Internet’) you could NOT access the site and a similar certificate error displayed.
- Tried installing Firefox app and making default in hopes that the apps would ‘look’ at the new Root certs but the behavior persisted.
- iOS devices are not impacted.
Current workaround (your experience will vary a bit depending on your android version(s) and what browser you use on your desktop; Firefox used here did not try with other browsers):
Manually install R3 cert to device
- From desktop: navigate to your portal URL and view, cert info click on padlock icon next to the portal URL
Click More Information
View Certificate
- Click the R3 tab and scroll down to 'Miscellaneous' and download PEM(cert)
- Get this to your Android device by your favorite means (email, file share, Drive, etc.)
- Back on Android device: Settings>Biometrics & security > Other security settings> Credential Storage Install from phone storage> (on my device i select CA certificate, on other tablets it didn't have an option but import worked as expected; I didn't need to supply a name but they did and named it something appropriate)> maybe a warning > install the thing >reboot > open app and see if error clears.
This fixed Collector and Field Maps but so far not the 3rd party Esri app. I expect this may have far reaching impacts for Esri Partner devs.
