iOS allowed invalid certificate while android did not

Question

had a unusual situation during one of our app deployment. iOS version worked well but android version of app did not work. After some troubleshooting, we found that app make

Answer 1

The behavior you saw is due to a functionality called AIA chasing that is implemented by some browsers and user agents (including Safari on iOS). A certificate can have a value for the Authority Information Access extension that can be used by browsers or underlying frameworks to build the complete certificate chain by fetching intermediates if they are not supplied by the server.

Android does not do AIA chasing which is why you saw the error when calling the API from the Android app. I haven't been able to find out why this isn't built into Android.

The correct way to address this is to make sure the web server provides the necessary intermediate certificates to connecting clients.