by AdminWes » Mon Jul 09, 2012 8:25 am
Hi lhmathys,
I believe that based on your testing the 2048 strength cert issued from GoDaddy is likely using a CA that is unknown to the Android OS. When issuing valid certs, the requester typically has to inform the issuer authority (GoDaddy) to authenticate the cert with a CA server that is known by the embedded trusted CA list in the OS software of the mobile device.
The reason that this works in Chrome on a PC is that the trusted CA list is updated rather frequently. The trusted CA list in mobile devices is updated on OS upgrades and is not necessarily updated to understand all available trusted CA servers out there. This is also the reason that the Android browser complained about the validity of your issued cert. It does not have the issued cert's CA authority in its trusted CA list.
My recommendation is to go back to GoDaddy and ask for a cert signed that will be recognized by your Android OS version. Our experience is with Verisign certs, and we have to explain to them where the cert will be used and what version of mobile OS we expect to be using the cert.
Also, it's possible that the Android HW/SW you have may not fully support 2048-bit encrypted sessions, as evidenced by your testing confirming that the self-signed 2048-bit cert did not work while 1024 and 512 operated correctly. If you get GoDaddy to re-issue your cert, you may want to request a 1024-bit cert instead of 2048 for compatibility with your Android HW/SW.
Wes
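
The trust-store mismatch described in the post above can be reproduced locally. This is an added example, not part of the original post: it assumes the `openssl` command-line tool is installed, and the CA names (`IssuingRoot`, `OtherRoot`), the host name and the store file names are all constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: every key and certificate is generated locally in a temp dir.
# The same server cert is checked against two trust stores: one that contains
# the issuing root (an up-to-date desktop list) and one that does not (an older
# embedded device list).

make_ca() {  # make_ca <name> <dir>: self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

issue_leaf() {  # issue_leaf <ca-name> <dir>: server cert signed by that CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$2/leaf.key" -out "$2/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$2/leaf.csr" -days 1 -CA "$2/$1.pem" \
        -CAkey "$2/$1.key" -CAcreateserial -out "$2/leaf.pem" 2>/dev/null
}

verify_against() {  # verify_against <store.pem> <cert.pem>
    # Match on the ": OK" line rather than the exit status, which old
    # OpenSSL releases did not set reliably on verification failure.
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    local d
    d=$(mktemp -d)
    make_ca IssuingRoot "$d"
    make_ca OtherRoot "$d"
    issue_leaf IssuingRoot "$d"
    # Desktop store knows both roots; device store lacks IssuingRoot.
    cat "$d/IssuingRoot.pem" "$d/OtherRoot.pem" > "$d/desktop_store.pem"
    cp "$d/OtherRoot.pem" "$d/device_store.pem"
    echo "desktop=$(verify_against "$d/desktop_store.pem" "$d/leaf.pem")"
    echo "device=$(verify_against "$d/device_store.pem" "$d/leaf.pem")"
    rm -rf "$d"
}

demo
```

The certificate itself is identical in both checks; only the contents of the verifier's trusted CA list change the outcome.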