
I'm using nginx with my own SSL certificate chain, but I'm getting a problem with Android 7. I don't understand this solution.

My nginx configuration is:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/letsencrypt/live/server.mydomain.cloud/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server.mydomain.com/privkey.pem;
        include snippets/ssl-params.conf;
    }

What should I do? Thanks!

Pablo Cegarra
  • The solution you reference is for node.js and does not apply for nginx. cert with full chain (excluding root) needs to be in `ssl_certificate`, i.e. in your fullchain.pem. My guess is that the content of this file is wrong or incomplete, but since it is unknown I cannot prove it. Check your site against [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html) and look for errors about missing chain certificates. – Steffen Ullrich May 14 '17 at 13:39
  • @SteffenUllrich DNS CAA No (more info). Overall Rating A, and yes, I'm using nodejs – Pablo Cegarra May 14 '17 at 14:16
  • But based on your question you use nginx to serve the SSL because why would you show the nginx configuration then instead of the nodejs configuration. So it does not matter that you use nodejs, at least not for this kind of problem. If you would publish the URL I could have a closer look but based on the information in this question only it is impossible to say what's going on. Also, you don't describe what problem exactly you have with Android 7. – Steffen Ullrich May 14 '17 at 14:31
  • ok @SteffenUllrich here is my domain: https://www.ssllabs.com/ssltest/analyze.html?d=thiago.addressbook.cloud&s=46.105.29.152 – Pablo Cegarra May 14 '17 at 14:36
  • And what exactly is the problem you get with Android 7? And do you get the problem from the browser or from a specific app only? – Steffen Ullrich May 14 '17 at 14:40
  • I'm using parse server, https://github.com/parse-community/Parse-SDK-Android/issues/660#issuecomment-301267943 – Pablo Cegarra May 14 '17 at 14:42
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/144178/discussion-between-steffen-ullrich-and-pablo-cegarra). – Steffen Ullrich May 14 '17 at 14:45

1 Answer


My solution, now it's working:

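    import com.parse.Parse;
    import java.util.Collections;
    import okhttp3.CipherSuite;
    import okhttp3.ConnectionSpec;
    import okhttp3.OkHttpClient;
    import okhttp3.TlsVersion;
    import okhttp3.logging.HttpLoggingInterceptor;

    // Restrict the client to TLS 1.2 and the two cipher suites listed below
    ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .tlsVersions(TlsVersion.TLS_1_2)
            .cipherSuites(
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // aws ssl
                    CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA)      // letsencrypt
            .build();

    // Use only that ConnectionSpec; Level.BODY logs full request and response bodies
    OkHttpClient.Builder builder = new OkHttpClient.Builder()
            .connectionSpecs(Collections.singletonList(spec))
            .addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY));

    // Hand the customised OkHttp builder to the Parse SDK
    Parse.initialize(new Parse.Configuration.Builder(getApplicationContext())
            .clientBuilder(builder)
            .applicationId("")
            .clientKey("")
            .server("")
            .build());
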
Pablo Cegarra