CA certificate somehow not taken by browsers on Android

This is a follow-up question related to this answer.

In short: I am importing the Root CA certificate into the Android system via

Settings -> Security -> Trusted Credentials -> install from SD

The path differs slightly on different Android versions.

Then I point any browser (tested with Firefox, Chrome and Opera) to the secure (JavaScript-based) resource and I receive a socket error. The resource is an index.html with JS web-socket logic to securely connect to a mosquitto broker.

If, on the other hand, I point the browser to "https://myserver:<mysecure port>", I receive a privacy warning, can continue unsafely, and this somehow sets a cookie or other storage item, so I am able to make future requests over the JS-based secure resource.

How can I accomplish browser-based requests on Android without accepting unsafe privacy risks?

Author: woodz

Why does a CA use a private key to sign a digital certificate? What is the logic behind signing a digital certificate with the CA private key?

In general (PKI), encryption happens with the public key and decryption happens with the private key. But how does a Certificate Authority sign a digital certificate with a private key? How can this be validated using the public key in the browser? What is the logic behind CA certificate validation?

What is the role of SHA (the hash algorithm) here? How do SHA and the CA private key work together?

Author: srikanth varma
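
The hash-then-sign flow this question asks about, as an added example that is not part of the original post: the CA hashes the certificate body with SHA-256 and transforms the digest with its private key, and the browser recovers the digest with the CA public key and compares it with its own hash of the certificate. It uses textbook RSA without the PKCS#1 padding that real certificates use, and the demo key, function names and certificate bytes are constructed for illustration.

```python
import hashlib

# Constructed demo key built from two known Mersenne primes (assumption for
# illustration only; a real CA key is generated randomly and kept in an HSM).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus, shipped in the CA certificate
E = 65537                          # public exponent, shipped in the CA certificate
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the CA


def digest_as_int(tbs: bytes) -> int:
    """SHA-256 of the to-be-signed certificate bytes, as an integer below N."""
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big")


def ca_sign(tbs: bytes) -> int:
    """CA side: hash the certificate body, then apply the private exponent."""
    return pow(digest_as_int(tbs), D, N)


def browser_verify(tbs: bytes, signature: int) -> bool:
    """Browser side: apply the public exponent and compare with a fresh hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_as_int(tbs)


# Constructed certificate body; real ones are DER-encoded TBSCertificate data.
TBS = b"subject=CN=myserver;issuer=CN=Demo Root CA;pubkey=constructed"
SIG = ca_sign(TBS)
# Same signature attached to a body whose subject was changed after signing.
ALTERED = TBS.replace(b"myserver", b"otherhost")

if __name__ == "__main__":
    print("genuine certificate verifies:", browser_verify(TBS, SIG))
    print("altered certificate verifies:", browser_verify(ALTERED, SIG))
```

Only the holder of D can produce a value that maps back to the right digest under (N, E), which is why the private key signs and the public key verifies.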

How do I identify, characterize and detect if trusted CAs are compromised?

What is the best approach to use in identifying, characterizing and detecting compromised CAs? I do not mean an invalid certificate or invalid CA that can be identified by X.509 during the validation process. I am looking for a tool/approach that can identify and detect a “trusted” CA that is actually compromised. For example, the cause of compromise could be an attacker impersonating the CA or compromising the CA key and trying to issue a fraudulent certificate / fake CRL.

Apart from existing methods such as CT, key pinning, DANE, etc., which partly address some issues related to CA compromise, is there a way that a method like blockchain, machine learning or any role-based approach can be used to first identify, characterize and detect if a trusted CA is really compromised?

Author: abba garba