If the website that host video content does not provide an intermediate certificate that is required to complete the certificate chain. Some clients, like Android, are unable to build the complete certificate path and do not trust the certificate when this happens.
if run cUrl for specific address [curl -i ‘https://edge.domainsample.pw/live//playlist.m3u8’] and receive error like this ” Peer’s certificate issuer is not recognized: ‘CN=Go Daddy Secure Certificate Authority – G2,OU=http://certs.godaddy.com/repository/,O=”GoDaddy.com, Inc.”,L=Scottsdale,ST=Arizona,C=US'”
There are two potential issues:
- The Root CA used is “Go Daddy Root Certificate Authority – G2 ” which might not be available in your Android device.
- The server is not presenting the Intermediate CA “Go Daddy Secure Certificate Authority – G2”. The server certificate was issued by the Intermediate CA “Go Daddy Secure Certificate Authority – G2” that was issued by the Root CA “Go Daddy Root Certificate Authority – G2”. For web servers this is not a problem as they are able to download the intermediate CA using the AIA extension from the server certificate but application does not do it.
To solve this issue related with some Android devices and GoDaddy you need to download G2 Intermediate by yourself and install it on device.
Open in browser this link: https://certs.godaddy.com/repository and download ” Go Daddy 2 級憑證授權根憑證 – G2″, when downloading of CA certificate is complete you need to open saved file. Android will ask you to give a name and where you will use it “Apps and VPN” or just VPN choose Apps+VPN. When you complete with installation you can start to watch your streams.