PM85296: APP CENTER INSTALLER IN ANDROID ASKING FOR CERTIFICATE VERIFICATION OVER SSL.

APAR status

• Closed as program error.

Error description

• We are not able to install application center on Android (It
  asks
  for certificate confirmation and once we press continue it
  starts
  downloading with download notification but actually becomes
  unsuccessful)
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * Users of Android mobile devices accessing the Application    *
  * Center on an SSL secured webserver.                          *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * 1) The Android default browser does not handle SSL           *
  * certificates correctly on download links. This defect is     *
  * outside of IBM's scope. The symptom is that the download of  *
  * the application starts but is never finished. The standard   *
  * workaround is to use Opera or Firefox instead.               *
  * 2) The installers.html page does not work in Opera and       *
  * Firefox browsers, since it is built on Dojo Mobile, and Dojo *
  * Mobile does not support those browsers. The symptom is that  *
  * the installers page remains empty in Opera and Firefox       *
  * browsers. The workaround for this is to use a simplified     *
  * inst.html instead of installers.html.                        *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  When installing the Application Center on a web server that is
  configured with SLL, the installers page may not work on some
  Android devices. The origin of the problem is that those Android
  devices cannot handle the SSL certificate.
  
  SSL certificates are used to validate the webserver's identity.
  A web browser validates the certificate chain until it finds a
  certificate that is already known. The root certificates of the
  chain of all major certificate authorities are usually built
  into the browser. Unfortunately, the default Android browser in
  some earlier Android versions does not contain some root
  certificates (in particular the one from Thawte SSL; but the
  same effect can happen for other SSL certificates as well, as we
  don't have a complete list of all root certificates vs. Android
  versions).
  
  Normally, when a browser cannot validate an SSL certificate, it
  asks the user for confirmation about the untrusted web server.
  This also happens for self-signed certificates. However, the
  Android default browser has a bug that prevents it from asking
  the user when the link triggers a download. The bug is
  registered here:
  http://code.google.com/p/android/issues/detail?id=5851
  

Problem conclusion

• An inst.html page was added and documented as a fallback
  solution for when users want to use Opera or Firefox.
  
  The fix for this APAR is currently targeted for inclusion in
  release 6.0.0.0.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WORKLIGHT CONSU

• Fixed component ID

  5725I4301

Applicable component levels

• R505 PSY

     UP

• R506 PSY

     UP