Date: 2025-04-02
Some certificates are not correctly verified in 7.2
Most of my smart home server sites are presented by https with certificates signed with a centrally generated root certificate. This root certificate is imported as a trusted root certificate into the Android and Windows certificate stores.
Since V 7.2 the Android Vivaldi can't validate the issued server certificates correctly.
I get a warning about an insecure connection - the server certificate doesn't match the URL...
Desktop Vivaldi has no problems with the certificates. Going back to Android Vivaldi 7.1 solves the problem - this one can handle the certificate chain.
The URL e.g. is https://grafana.home.arpa:3000 and the server certificate has a CN=home.arpa and SAN entries for *.home.arpa,grafana,<an IP address entry>
Is there a solution in progress?
Greetings,
Martin
yngve Vivaldi Team
@LineF That system is entirely handled by Chromium's code.
My guess is that you will have the same problem with Chrome 134+
I don't know enough about which TLS protocol and certificate verification implementation Android is using, but if 7.2/7.3 desktop is behaving correctly, that suggests that Android is using a different implementation for the certificate.
... although, hold on a minute ... home.arpa is in the Public Suffix list ... when did it get added...?
Hmmm, it got added in January, and is in 134 (and thus 7.2/7.3).
That means that home.arpa is now considered a TLD, not a normal domain, and quite possibly that triggers the refusal. Desktop should handle it the same, but you may have OKed the certificate previously.
@yngve Thanks, you brought me to the correct way.
I had *.home.arpa in my certificates and that's not allowed anymore with newer Chromium versions. Changed my DNS name in the certificate to servername.home.arpa and the problem was gone.
My desktop version had the same problem but there I always used the server names without domain part (short name was also part of the certificates) - so the issue didn't come up...
Martin
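
Added example, not part of the thread and not Chromium's code: a simplified Python model of the rule the thread arrives at, where a wildcard SAN is refused when the name after `*.` is itself a public suffix. `PUBLIC_SUFFIXES` is a constructed stand-in for the real Public Suffix List, and the function names are hypothetical.

```python
# Constructed stand-in for the Public Suffix List (assumption: the real
# list is far larger; home.arpa is the entry discussed in the thread).
PUBLIC_SUFFIXES = {"home.arpa", "co.uk"}


def is_public_suffix(domain: str) -> bool:
    """A single label (e.g. 'com', 'arpa') counts as a suffix by default."""
    domain = domain.lower().rstrip(".")
    return "." not in domain or domain in PUBLIC_SUFFIXES


def san_matches(host: str, san: str) -> bool:
    """Return True if one DNS SAN entry covers `host` (IP SANs not modelled)."""
    host = host.lower().rstrip(".")
    san = san.lower().rstrip(".")
    if "*" not in san:
        return host == san  # exact names always compare literally
    first, _, base = san.partition(".")
    # The wildcard must be the whole leftmost label and appear only once.
    if first != "*" or not base or "*" in base:
        return False
    # Refuse wildcards directly under a public suffix: '*.home.arpa'
    # would span every name under what is now treated like a TLD.
    if is_public_suffix(base):
        return False
    # A wildcard stands for exactly one label, never several.
    label, _, rest = host.partition(".")
    return bool(label) and rest == base


def cert_covers(host: str, dns_sans: list[str]) -> bool:
    """True if any DNS SAN in the certificate covers the requested host."""
    return any(san_matches(host, s) for s in dns_sans)


if __name__ == "__main__":
    old_sans = ["*.home.arpa", "grafana"]   # SAN set described in the thread
    new_sans = ["grafana.home.arpa"]        # explicit name, as in the fix
    for host, sans in [("grafana.home.arpa", old_sans),
                       ("grafana", old_sans),
                       ("grafana.home.arpa", new_sans)]:
        print(host, sans, "->", cert_covers(host, sans))
```

The short name `grafana` still matches the old certificate, which is consistent with the desktop setup described in the thread not showing the warning.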