Kobo Collect broke my certificate authority setup?

Hi:

After installing the Collect app from the Android Market, I find that
SSL sites whose certificates were previously OK (from a recognised
authority) now show an "unrecognised authority" error. Somehow it
appears that installing Kobo Collect has altered the list of
recognised certificate authorities in my Android device, and the list
no longer contains an authority which I regularly use ("Rapid SSL
CA"). Previously this authority was accepted by my device (and is
still accepted by other Android devices on which I haven't installed
Kobo Collect).

Even worse, uninstalling Collect hasn't fixed the problem - I'm still
unable to access SSL websites which use this cert authority.

I had previously installed two different versions of the ODK Collect
app, which worked fine with my cert authority. But the Kobo version
of Collect doesn't, and even now that I have uninstalled it, I am
still unable to access sites which use secure certs issued by that
authority.

Please can someone tell me how to un-break my SSL? NB - my phone is
not rooted!

Thanks
Nik

Nik,

I can’t imagine that this could be a result of installing KoBo. It just doesn’t have any effect on SSL certificates.
Let me understand, you are visiting sites in your phone's web browser and your browser is complaining about the certificates?

Is there any reason, other than the timing, to suggest it has something to do with KoBo?

~Neil


On Thu, Jul 12, 2012 at 10:23 AM, Blitheringeejit holm...@googlemail.com wrote:

> Hi:
>
> After installing the Collect app from the Android Market, I find that
> SSL sites whose certificates were previously OK (from a recognised
> authority) now show an “unrecognised authority” error. Somehow it
> appears that installing Kobo Collect has altered the list of
> recognised certificate authorities in my Android device, and the list
> no longer contains an authority which I regularly use ("Rapid SSL
> CA"). Previously this authority was accepted by my device (and is
> still accepted by other Android devices on which I haven’t installed
> Kobo Collect).
>
> Even worse, uninstalling Collect hasn’t fixed the problem - I’m still
> unable to access SSL websites which use this cert authority.
>
> I had previously installed two different versions of the ODK Collect
> app, which worked fine with my cert authority. But the Kobo version
> of Collect doesn’t, and even now that I have uninstalled it, I am
> still unable to access sites which use secure certs issued by that
> authority.
>
> Please can someone tell me how to un-break my SSL? NB - my phone is
> not rooted!
>
> Thanks
> Nik


Neil: thanks for getting back to me.

> I can’t imagine that this could be a result of installing KoBo. It just doesn’t have any effect on SSL certificates.
> Let me understand, you are visiting sites in your phone's web browser and your browser is complaining about the certificates?
>
> Is there any reason, other than the timing, to suggest it has something to do with KoBo?

Not really - though the timing was a bit specific. The Android device with the problem is running 2.2.2, while a near-identical device running 2.3.3 interacts fine with my SSL server.

The only difference between the two devices apart from the Android version is that one had Kobo Collect installed on it, and the other had the ODK Collect app installed.

I’m pretty sure I had successfully tested both devices with ODK Collect before installing Kobo Collect, but of course it’s possible that I’m remembering that wrongly, and that the problem device hadn’t previously been successfully tested with ODK Collect. I can’t recreate the original test situation without factory-setting my phone, which is a lot of hassle - so let’s assume I’m mistaken.

Apologies that I may have thrown you a red herring. :)

One suggestion, though - since non-rooting Android users depend on the device supplier to keep the list of recognised cert authorities updated, and since the suppliers have no vested interest in doing this because they want to sell you a new phone every week (!), would you consider changing the Collect app to make the cert error non-fatal?

In other words, if Collect finds that it’s talking to an SSL server which presents a cert from an unrecognised authority, rather than just stopping, could it tell me there’s a problem with the cert but offer the user a manual override option to (a) continue at their own risk, and (b) ideally to store the cert as a permanent exception?

That’s how most browsers handle the situation, and it seems a sensible route. I note that the in-built Android browser on my device doesn’t allow me to store permanent exceptions like other browsers do, but it does allow me to accept the cert and continue without further warnings during that session.

Thanks
Nik
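
Added example, not part of the original thread or of the Collect code base: one way an app could offer the "permanent exception" requested above without switching certificate validation off, by pinning the SHA-256 fingerprint of the exact certificate the user approved for one host. The class name `ExceptionTrustManager` and the `exceptions` map are hypothetical.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical class: platform CAs first, then per-host exceptions the user approved. */
public final class ExceptionTrustManager implements X509TrustManager {
    private final X509TrustManager system;
    private final String host;
    // host -> hex SHA-256 of the exact leaf certificate the user accepted (assumed storage format)
    private final Map<String, String> exceptions;

    public ExceptionTrustManager(String host, Map<String, String> exceptions) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform's default CA store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.system = found;
        this.host = host;
        this.exceptions = exceptions;
    }

    static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
                sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            system.checkServerTrusted(chain, authType); // normal path: issuer is a recognised CA
        } catch (CertificateException untrusted) {
            String pinned = exceptions.get(host);
            // The override covers one certificate on one host; a different certificate stays fatal.
            if (pinned == null || chain == null || chain.length == 0
                    || !pinned.equals(fingerprint(chain[0]))) throw untrusted;
            chain[0].checkValidity(); // an expired pinned certificate is still rejected
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { system.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
}
```

The fingerprint would be written to the map only after the user has been shown the certificate details and confirmed them. Hostname verification is a separate check and is not relaxed by this class.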