[irra7ional]

Hey guys,

I have been running into more and more sites that I give me the dreaded red stop because of not trusted certificate.

The thing is I can't figure how to white list them. Show more on these sites does nothing and there seems to be no way to add an exception.

Help is much appreciated!

Posted via CB10

[Bla1ze]

Try installing MultiCERT - https://appworld.blackberry.com/webs...ntent/59999147

[thurask]

If it's Let's Encrypt certificates causing trouble, and you're on 10.3.2 (or prior), yeah, install MultiCERT. Installing 10.3.3 also adds Let's Encrypt support.

[Richard Buckley]

The only sites I haven't been able to white list are for pretty serious reasons. Strict transport security turned on and the certificate is for the wrong site, revoked certificates, and others. If the issue is that BlackBerry doesn't have the CA certificates for the sites you need it is quite easy to get them from the CA's site and install them.

LeapSTR100-2/10.3.3.2205

[irra7ional]

Ty guys the issue was indeed Let's Encrypt certificates

You guys are life savers :-) 10.3.3 is not available in my country yet

Posted via CB10

[dbq10]

MultiCERT couldn't fix my sites. I'm having issues with Amazon certificates; someone commented on another site that Amazon got into the CA business in 2015. I will have to go to 10.3.3 and hope for the best.

[bb10adopter111]

Feel free to post the problematic URLs and those of us on 10.3.3 can tell you if there are issues.

Posted with my trusty Z10

[dbq10]

10.3.3 can't resolve the problem with Starfield Services root certificates provided by Amazon for online retailers. Since the sites aren't blocked on my Android 5.0 tablet I'd say it's just a BlackBerry problem.

[Richard Buckley]

10.3.3 can't resolve the problem with Starfield Services root certificates provided by Amazon for online retailers. Since the sites aren't blocked on my Android 5.0 tablet I'd say it's just a BlackBerry problem.

If you post the URL that is giving you a problem maybe someone could help.

LeapSTR100-2/10.3.3.2205

[dbq10]

Hi Richard, try this respectable but blocked news site:
Sciencedaily.com
I have the valid, up to date certificates but I'm only blocked using my Passports (10.3.2 & 10.3.3) My best non-engineer guess is that since Amazon has been providing certs for just the last two years they figured BlackBerry was either out of the picture or so marginal that it wasn't worth testing for compatibility.

[thurask]

This is what it looks like on an Android device:

[bb10adopter111]

Hi Richard, try this respectable but blocked news site:
Sciencedaily.com
I have the valid, up to date certificates but I'm only blocked using my Passports (10.3.2 & 10.3.3) My best non-engineer guess is that since Amazon has been providing certs for just the last two years they figured BlackBerry was either out of the picture or so marginal that it wasn't worth testing for compatibility.

I have no problem with that site on my Z10 running 10.3.3 with the native browser.


Posted with my trusty Z10

[Vistaus]

That site works fine on my Passport with 10.3.3



Posted via CB10 using my amazing  Passport (OG Red)

[oystersourced]

Hi Richard, try this respectable but blocked news site:
Sciencedaily.com
I have the valid, up to date certificates but I'm only blocked using my Passports (10.3.2 & 10.3.3) My best non-engineer guess is that since Amazon has been providing certs for just the last two years they figured BlackBerry was either out of the picture or so marginal that it wasn't worth testing for compatibility.

BlackBerry 10.3.2 didn't have the Amazon CA certificates (whether that's because they are new, misused or untrusted is fairly irrelevant now if they have been added to 10.3.3), you can obtain them from their website if you wish and install them very simply (there is no need for third-party apps), a simple tap to open and BlackBerry 10 leads you the rest of the way.

I'm running 10.3.2 and can access the website, just because you can add certificates from a CA doesn't equate to a website being trustworthy however.

Posted via CB10

[Richard Buckley]

Hi Richard, try this respectable but blocked news site:
Sciencedaily.com
I have the valid, up to date certificates but I'm only blocked using my Passports (10.3.2 & 10.3.3) My best non-engineer guess is that since Amazon has been providing certs for just the last two years they figured BlackBerry was either out of the picture or so marginal that it wasn't worth testing for compatibility.

Oystersourced has the solution. But I will mention that this is not only limited to versions but also decisions BlackBerry makes as to which CAs to include. BlackBerry has always shipped with fewer CAs that the popular browsers. But if you trust and need a particular CA they will always have their roots certificates available so that users can add them to their browsers.

LeapSTR100-2/10.3.3.2205

[dbq10]

Thanks for everyone's input. I think I may have older but un-expired Starfield Services certificates, and nothing showing up specifically as 'Amazon', even after running MultiCERT.
I can't find any download information for Amazon certificates - does anyone have a link?

[thurask]

I can't find any download information for Amazon certificates - does anyone have a link?

https://www.amazontrust.com/repository/

[dbq10]

I went to the above Amazontrust.com/repository site and didn't find any download options, just lots of legal documents regarding licensing and partners best practices, plus many lines of programing code; nothing there that I could interpret.

[thurask]

I went to the above Amazontrust.com/repository site and didn't find any download options, just lots of legal documents regarding licensing and partners best practices, plus many lines of programing code; nothing there that I could interpret.

Certification Authorities > Root CAs > Self-Signed Certificate > .cer or .pem format

[bb10adopter111]

Why not just upgrade to 10.3.3, which includes the certs?

Posted with my trusty Z10

[dbq10]

I found the correct download path for all four Amazon certificates and now all of my sites are accessible again
These are the download files, valid starting May 2015:
www.awstrust.com/repository/amazonrootCA1.cer
www.awstrust.com/repository/amazonrootCA2.cer
www.awstrust.com/repository/amazonrootCA3.cer
www.awstrust.com/repository/amazonrootCA4.cer

( I already had 10.3.3 on one of my Passports and was still missing these certs, and I prefer to keep the other Passport on 10.3.2, just because you never know when you might need it.)
I found this info in a Mozilla foundation article, 1172401-Add Amazon root certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1172401

[RichardHBB]

I found the correct download path for all four Amazon certificates and now all of my sites are accessible again

The above linked Amazon certificates are no longer valid links, but following Thurasks' post to simply download the root certificates from Amazon's page will get you the current files. I just got them and my previously blocked sites appear to be working.

Richard

[dbq10]

Thanks for the update. Do you have the link to the Amazon page?
(My sites still work, fingers crossed.)

[RichardHBB]

The same as in post #17 and #18 here. https://www.amazontrust.com/repository/

You will need to download the "DER" files under "Root CAs", then click on them in the file manager to import the certificates. There are currently 5 there. It's a very easy process.

Richard