OneDrive addon fails to connect with an error "certificate not verified"

[cliveo]

On an Android device running version 4.4.4 I get this error "certificate not verified" when trying to access my OneDrive account. I have been successful with the addon on a device running version 10.0. So, is this error due to a compatibility issue (the version being so old) or a deeper problem. Thanks for assistance

[ghisler(Author)]

It means that Android 4.4.4 does not know the root certificate used by the OneDrive servers to sign their site certificate.
According to this stack overflow article, it should be possible to install root certificates on Android 4 to Android 7:
https://stackoverflow.com/questions/4461360/how-to-install-trusted-ca-certificate-on-android-device

You should visit the OneDrive site with a Web browser on Windows or MacOS, and then look at the provided certificate chain. Then you need to export the root certificate (not the site certificate), and install it on Android.

[cliveo]

It means that Android 4.4.4 does not know the root certificate used by the OneDrive servers to sign their site certificate.
According to this stack overflow article, it should be possible to install root certificates on Android 4 to Android 7:
https://stackoverflow.com/questions/4461360/how-to-install-trusted-ca-certificate-on-android-device

You should visit the OneDrive site with a Web browser on Windows or MacOS, and then look at the provided certificate chain. Then you need to export the root certificate (not the site certificate), and install it on Android.

Sincere thanks for taking the time to clarify what's causing the error. My coding knowledge is non existent which makes the information contained in the StackOverflow discussion unintelligible. Apologies if my response sounds ungrateful. That is certainly not my intent. I am grateful that you took the time to respond.

[ghisler(Author)]

Try importing these two certificates:
https://www.ghisler.ch/onedrivecerts.zip

1. Unzip the crt files on your phone.
2. Try opening them with Total Commander
3. If this fails, try adding them via Android settings as described here:
https://www.lastbreach.com/blog/importing-private-ca-certificates-in-android

[cliveo]

Try importing these two certificates:
https://www.ghisler.ch/onedrivecerts.zip

1. Unzip the crt files on your phone.
2. Try opening them with Total Commander
3. If this fails, try adding them via Android settings as described here:
https://www.lastbreach.com/blog/importing-private-ca-certificates-in-android

I tried both methods. I had installation succeeded messages for both methods, but I still get the error message. I'm very grateful for the time and patience that you have given me. It's a shame that your efforts haven't borne fruit.

[ghisler(Author)]

It's possible that Android 4.4.4 cannot handle SHA256 hash in certificates, only the weaker SHA1. Then it would be impossible.

[cliveo]

It's possible that Android 4.4.4 cannot handle SHA256 hash in certificates, only the weaker SHA1. Then it would be impossible.

OK and thank you again for your support

[DrShark]

I tried both methods. I had installation succeeded messages for both methods, but I still get the error message.

I also tried both methods on VirtualBox with Android 4.4.2 X86, there the certificates could be installed only with second method (first method showed Certificate read error). But yes, even after installing the certificate with second method, after I enter the password for OneDrive account in oAuth window and trying to login, TC shows "Certificate not verified" toast.
Stock web browser also shows outlook.com login page fine and allows to enter email and password, but then shows certificate error with problem certificate named *.events.data.microsoft.com and problem url like

Code: Select all

https://browser.pipe.aria.microsoft.com/Collectpr/3.0/?[rest of url]

, and login doesn't happen.

It's possible that Android 4.4.4 cannot handle SHA256 hash in certificates, only the weaker SHA1. Then it would be impossible.

That's sad, it was convenient to use OneDrive plugin to transfer files from that virtual machine to PC. For now I'm using Opera Mini 4 for Android and one Ukrainian email provider which has simple mobile UI with pure http access, but still with possibility to attach files to email, to transfer files from that virtual machine (stock browser can't upload files, and it's impossible to install better browsers, including newer Opera Mini versions, to that VM).

[DrShark]

VirtualBox with Android 4.4.2 X86 ...Stock web browser also shows outlook.com login page fine and allows to enter email and password, but then shows certificate error with problem certificate named *.events.data.microsoft.com and problem url like

Code: Select all

https://browser.pipe.aria.microsoft.com/Collectpr/3.0/?[rest of url]

, and login doesn't happen.

I managed to enter to Microsoft Account with stock browser of that Android using one of Microsoft pages where it's possible to sign in, now Microsoft pages show my account avatar and username, so login in web browser somehow works (Outlook Mail and OneDrive still don't work with that browser anyway, it seems it doesn't support some modern web features used in that services). I'm not sure if this info is helpful for OneDrive plugin which uses separate oAuth login page...

[Usher]

2DrShark
Cloud drives and modern webmails heavily use (and even abuse) javascript code. Firefox is the only browser that can run such a code on Android 4.x, I think. The last supported Firefox version is pretty decent - 68.11.0.
Older JS engines are incomplete and very slow. Some features are unsupported, some other are buggy. In the best case you may wait a few minutes to see a webpage in your browser, in the worst case your browser may crash.