I’ve submitted this issue long ago but I’m still seeing the red warning next to mobile (IOS) Brave browser for my website. Before it didn’t give any explanation but now it shows “Certificate is not trusted” message when I click on it. I read somewhere that Brave is dependent on Safari but Safari shows valid SSL/TLS lock icon. How does this happen? I assume that Brave has its own independent trusted root certificate store that’s being managed separately?
How can this issue be reproduced?
Visit my website from IOS mobile device.
Expected result:
Brave Version: Version 1.38 (22.5.13.17)
Mobile Device details iPhone 12 Pro
Additional Information:
What I see from Brave mobile.
What I see from every other browsers including Safari.
That prompt is something that I made for people to not miss animations (in case some features are disabled on their OS level) I implemented in the website. That prompt has nothing to do with the SSL/TLS warning that I’m getting. Thank you for trying to resolve though!
@289wk
About the animation prompt message, you probably touched device settings. Refer HERE to see if it fixes.
I’m pretty sure my error is related to mobile Brave trust root store - either not having the cert in the list or not able to validate kind of issue. This is likely out of user’s scope to fix but for Brave technical team to update cert list. But thank you for trying various methods though I appreciate.
This is likely a user specific condition where they try to make device faster by choosing “lower quality” setting. Refer to THIS page if you want to reproduce. But that prompt is something I personally made to let visitors know that they might not see animation I made for the website, so it’s irrelevant to the issue.
What does that mean? Do I need to change server config? If so, which directive should I modify and how? I’m currently using Apache with ProxyPass directive to internally proxy requests to NodeJS server. So is this error occurring due to server config? If so, why is Safari not giving same error if Brave is created on top of Safari? And why is it only happening in IOS mobile devices? And why does the error say Certificate is not trusted?
Those are just the server settings, the cert (SSL) settings are separate.
Visiting the IP directly will generate similar errors in Safari and Brave. https:// 5.183.11.210/ Unsure why the errors are different on the domain itself.
I even tried applying redirect from IP 5.183.11.210 to DNS https://kevsong.com but this didn’t solve either as cert has to be checked prior to reaching the web server (I removed redirect directive after as it wasn’t the fix). I’m pretty sure this has something to do with Brave certificate trusted root store. Are you guys developers? Can you guys inquire about this to someone who has access to trusted root store?
So it’s a combination of two issues. The first is that the certificate’s chain can’t be parsed using: SecPolicyCreateBasicX509 (every other browser seems to not care [they ignore this policy and only use SecPolicyCreateSSL ]).The second is that it loads http:// content and not only https:// content.
Thank you for inquiring on this. I enabled force redirect from the server side (it used to be done from the client side) to enforce HTTPS but I’m still seeing the red icon. Now we’re left with cert trusted store issue you’ve mentioned. So are we confirming that this is solely on Brave browser? Or is there anything I can do about this?
