FAQ-1196 Why do I get a certificate warning dialog when I connect to a server using SSL/TLS?


FAQ-1196 Why do I get a certificate warning dialog when I connect to a server using SSL/TLS?

» Symbian OS » Developer Knowledgebase » FAQ-1196

Classification:	C++	Category:	Networking
Created:	12/17/2004	Modified:	01/17/2005
Number:	FAQ-1196
Platform:	Symbian OS v6.1, Symbian OS v7.0, Symbian OS v7.0s, Symbian OS v8.0, Symbian OS v8.0a, Symbian OS v8.0b, Symbian OS v8.1a, Symbian OS v8.1b

Question:
When I connect to a site using SSL/TLS, a certificate warning dialog pops up, how can I disable it?

Answer:
The certificate pops up if the site has an invalid certificate. There is no way to disable this and continue the connection; the only way to prevent the dialog appearing is to ensure that the site certificate is valid.

There are a number of reasons why a certificate can be invalid for a particular site:

1. The URL stored in the certificate isn't the same as the URL of the site it is supposed to verify
2. The site certificate or the Certificate Authority (CA) root on the phone has expired
3. The certificate can't be chained back to a CA certificate on the phone
4. The certificate isn't set as trusted for SSL/TLS/Internet connections in the phone control panel (certificates can be trusted for different uses; in order to be valid for use with the internet, this must be set in the control panel).

If you have a problem, first check that the site certificate has not expired, and that its URL matches the site URL. On the phone you can check that the certificate is "trusted" for internet connections (in the control panel), and that a root CA exists that can be chained back from the site certificate.

Note:

You can use CSecureSocket::SetDialogMode(EDialogModeUnattended) to stop the connection if an untrusted certificate was supplied (ie. you wont get the dialog OR the connection).