Certificate issue: SSL page brings up "you need to set a lock screen pin or password before you can use credential storage" on Android
We've setup the certificates on our server and when requesting https://www.ourserver.org, Android (whatever the browser used) shows a little popup
You need to set a lock screen pin or password
before you can use credential storage
Which is wrong, it seems that the phone is trying to register that certificate..?
It does happen only on Android so far it's fine on iPhone and desktop browsers
our Stunnel config:
[www.ourserver.org]
cert = /etc/stunnel/certs/www.ourserver.org.crt
key = /etc/stunnel/keys/www.ourserver.org.key
CAfile = /etc/stunnel/certs/www.ourserver.org.intermediate.crt
accept = 10.10.54.2:9443
connect = 10.10.54.2:9444
verify=1
xforwardedfor = yes
TIMEOUTclose = 0
cert file is issued by RapidSSL. The intermediate CAfile contains both: the intermediate certificate first and cert certificate.
Any idea of what went wrong on our certificate config ?
If I go through the process of securing my phone with a lock screen, accessing the same page then shows
No certificates found
The app Chrome has requested a certificate.
Choosing a certificate will let the app use this
identity with servers now and in the future. The
app has identified the requesting server as (...),
but you should only give the app access to the
certificate if you trust the app. You can install
certificates from a PKCS#12 file with a .pfx or a
.p12 extension located in external storage."
Answer
This same thing happened to me when I was installing my certificate on my Android Tablet.
- Yes, you need to set a lock or pin code (but this can be removed after installing the certificate)
- Just copy the .pfx file in your Android phone
- On your phone Settings look for Security
- Under credential storage (this option might vary depending on your Phone settings), there should be an option to install certificates
- Restart your phone
Hope this helps.