Skip to main content
Solved

Scan IT: unable to connec to on-prem IFS cloud on Android

  • November 7, 2024
  • 2 replies
  • 144 views
C
Sidekick (Customer)
Forum|alt.badge.img+5
  • cgo
  • Sidekick (Customer)
  • 10 replies

Hi all,

  • We have an on prem IFS CLOUD.
  • We're trying to run Scan IT on Android 9 & 10 devices.
  • The Scan IT App works when running on a Windows Device which is in the same subnet as the Android Devices.

IFS CLOUD URL itself can be access via Browser, but the App produces:

 

 

We assumed maybe the SSL cert CA are not up-to-date. The CA & certificate chain has been uploaded to the Android devices & installed, but same phenomenon.

Q: Is anyone using Scan IT on an Android Device for a IFS CLOUD on-prem Setup successfully and/or been confronted with the phenomenon above?

Best answer by cgo

Hi Rukmal, no vpn, its an internal network. SSLabs does only check the trust chain of exposed endpoints as far as I know. As mentioned, access via browser was ok.

We had a similar issue on Android devices with MWO while on IFSAPS10. Back then we just to had to install the certificate itself.

In this case, it turned out, that the main CA and Intermediate of our provider was not in Androids

/system/etc/security/cacerts.

After importing both through:

Settings > Security > Encryption & credentials > CA certificate > Install from storage.

connection was i.O.

View original
Did this topic help you find an answer to your question?

2 replies

Rukmal Fernando
Superhero (Employee)
Forum|alt.badge.img+16
  • Rukmal Fernando
  • Superhero (Employee)
  • 400 replies
  • November 8, 2024

Are you behind a VPN? if not, can you share your server URL with me via a DM please?

You can anyway check your server URL with a tool like SSLabs, especially for trust chain completeness. We’ve seen that Android devices validate SSL certificate trust chains very strictly, so the root certificates must be trusted on the device for example.

Also, are your Windows devices part of a Windows Domain for example?

Best regards,

Rukmal
 

C
Sidekick (Customer)
Forum|alt.badge.img+5
  • cgo
  • Author
  • Sidekick (Customer)
  • 10 replies
  • Answer
  • November 11, 2024

Hi Rukmal, no vpn, its an internal network. SSLabs does only check the trust chain of exposed endpoints as far as I know. As mentioned, access via browser was ok.

We had a similar issue on Android devices with MWO while on IFSAPS10. Back then we just to had to install the certificate itself.

In this case, it turned out, that the main CA and Intermediate of our provider was not in Androids

/system/etc/security/cacerts.

After importing both through:

Settings > Security > Encryption & credentials > CA certificate > Install from storage.

connection was i.O.

Reply


Terms & ConditionsCookie settingsAccessibility statement

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings