I expect I'm not alone in that some of my apps communicate with a server using a TLS and a free certificate from LetsEncrypt.
As they explain on their blog, starting next year they will be signing certs with their own root certificate, rather than the one the have used before, which was cross-signed for them. The practical upshot of this is that Android devices prior to 7.1.1 will no longer be able to validate LetsEncrypt certificates signed with the new root, and this may be a substantial number of users for some people.
It is, apparently, possible for apps to include a new root certificate, and I was hoping someone may shed some light on that. I see also that the okHttp team are working on solutions and from Android 7 you can can include a certifcate as a resource. It looks like okHttp provides better backwards compatibility, so I'd love to know how to make things work with the B4A library.
So, if anyone has tips on how to handle this in their apps, much appreciated. Otherwise, consider this a general heads up - if you've got things set up this way, and want to support older Android devices next year, you'll have to do some thinking.
As they explain on their blog, starting next year they will be signing certs with their own root certificate, rather than the one the have used before, which was cross-signed for them. The practical upshot of this is that Android devices prior to 7.1.1 will no longer be able to validate LetsEncrypt certificates signed with the new root, and this may be a substantial number of users for some people.
It is, apparently, possible for apps to include a new root certificate, and I was hoping someone may shed some light on that. I see also that the okHttp team are working on solutions and from Android 7 you can can include a certifcate as a resource. It looks like okHttp provides better backwards compatibility, so I'd love to know how to make things work with the B4A library.
So, if anyone has tips on how to handle this in their apps, much appreciated. Otherwise, consider this a general heads up - if you've got things set up this way, and want to support older Android devices next year, you'll have to do some thinking.
