SSL handshake failed

1961
6
Jump to solution
09-09-2018 04:22 PM
Highlighted
New Contributor III

We have deployed ArcGIS Enterprise 10.6.1 into a customer site, along with Enterprise there is a separate machine running a Portal Web Adaptor. 

However when trying to connect to Survey123 in Enterprise using an Android device users are receiving a "SSL handshake failed (6) error. It appears that it might be some sort of certificate issue. The customer has a valid COMODO issued certificate and there is no issue when connecting via an iOS device. We have checked that the certificates have been imported into the various servers, all appears to be correct. Have also updated to the latest version of the app (3.0.149) Is there anything else to check? Any assistance or ideas appreciated. 

1 Solution

Accepted Solutions
Highlighted
Esri Esteemed Contributor

To close out this issue, the problem was with the SSL certificate on the web server.  Survey123's Android build requires the entire certificate chain (Server (Intermediates) Root certs) to be present.  This has been raised for other applications; external documentation can be found at https://ssl.comodo.com/support/untrusted-certificate-error-on-android.php and https://medium.com/@itzfitz/how-to-fix-comodo-certificate-not-trusted-on-android-devices-afa405a3531... 

View solution in original post

6 Replies
Highlighted
Esri Esteemed Contributor

Hi Jamie,

Do you receive the same error when visiting the Portal's home page in the phone's browser?  What network is the Android device using to access the Portal (wifi in the same local network as the Portal web adaptor, cellular, cellular w/ VPN)?  Additionally, is the time configured correctly - doing a bit of research, it appears that Android devices will also through this error if the time is not roughly in sync (How to Fix HTTPS SSL/TSL Error on Android Smartphone? )

Reply
0 Kudos
Highlighted
New Contributor III

Hi James, 

Thanks for the reply. We have tried both on the internal wifi network and also on the 4G cellular network (there is no VPN). Have test and we are able to connect to the Enterprise Portal via a browser on the Android device, timezone is all correct and date / time is all correct. So it appears something to do with connecting via Survey123 to the Portal only. Have tested with Explorer and that is working correctly too. 

Cheers

Jamie

Reply
0 Kudos
Highlighted
Occasional Contributor III

Hi Jamie,

I did post a reply, but, I subsequently deleted after rereading this entire thread.

My initial impression was (and still is), there is something wrong with the Comodo CA root and/or the certificate chain. However, such issues should be reproducible when browsing via your Android device's browser, which, you've indicated is okay.

I will do some investigations here.

Stephen

Reply
0 Kudos
Highlighted
New Contributor III

Hi Stephen,

I think you might be right, i have tried a different Android device and going through a browser I am getting errors that the certificate is not trusted. I have found some documentation on the Comodo site which i am working through to see if this fixes it. 

Will let you know how it goes, really odd as we have been able to connect with some Android devices but not others.

Regards

Jamie

Reply
0 Kudos
Highlighted
Esri Esteemed Contributor

To close out this issue, the problem was with the SSL certificate on the web server.  Survey123's Android build requires the entire certificate chain (Server (Intermediates) Root certs) to be present.  This has been raised for other applications; external documentation can be found at https://ssl.comodo.com/support/untrusted-certificate-error-on-android.php and https://medium.com/@itzfitz/how-to-fix-comodo-certificate-not-trusted-on-android-devices-afa405a3531... 

View solution in original post

Highlighted
New Contributor III

Thanks for your help with this James and Stephen, this is exactly what the issue was. I followed the above documentation and it resolved the issue, the customer has been using Survey123 for a few weeks now and there are no further issues.

Reply
0 Kudos