Getting insecure on https on mobiles

hi, I’m getting reports of safari throwing an insecure error/ warning on mobile, i’m using a proxy on this subdomain and with a universsal ssl cert, it works fine on my desktop in several brwsers etc. Anyone know any reason why this would throw insecure on mobioe etc?

It is possible that very old devices (either mobile or not) have not updated their root certificate store, and thus will not trust the certificates used by Cloudflare. For example, iOS earlier than version 10 may not trust Let’s Encrypt certificates.

If you are doing a mobile redirect you will need to ensure that the target of the redirect is being covered by the Universal SSL Certificates. Hostnames are covered for <name>.example.com, and example.com. They are not covered for multiple levels of subdomain, so mobile.www.example.com is not covered by Universal SSL. To cover such hostnames you could use ACM and/or Total TLS.

Do you know the mobile OS versions that are having issues, and also the hostname?

this is the url if any use: VideoJS with Bids Back Handler override

i’ll get the device, os etc, as the person reporyting is in a different country to me, their in ukraine

16.6.1 iOS , using safari & chrome, does it in both

@michael you see my replies?

(Thought I’d sent this reply a few days ago)

So that is a pretty recent version, and I would rule out certificate compatibility issues.

Are you able to capture any information about the certificate the clients are seeing? I would suspect something in the middle, and that it is not your cert.

Is there anything common with the end users? Firewall, proxy etc.?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.