Windows server 2016 - Android Browser Showing Security Risk or Connection Not Secured


New Member
Nov 4, 2021
For some Android ver. 7.0 device, Security Risk (Firefox) or Connection Not Secured (Chrome) or Connection is not private (Edge) warning are displayed when browsing all websites running on one webserver. Strangely, on other devices (Windows Desktop, iPhone) these sites run perfect without any warning.

Secondly, while browsing on Andriod ver. 7.0 it is showing following information in error details.
  • "The identity of the website has not been verified.
  • "Server certificate is not trusted"
SSL certificate is up to date. Is certificate not trusted because IIS building own chain?

It also shows following affirmative messages

  • "Your connection to site is encrypted using a modern cipher suite."
  • "The connection uses TLS 1.2"
  • "The connection is encrypted and authenticated using AES_256_GCM and uses ECDHE_RSA as the key exchanges mechanism"
Thirdly, is DST Root CA X3 expired globally on Sep 30, 2021 for all servers and browsers?
If answer is yes then there would be some updates/fixes available for Windows IIS to accept long chain after expiry. Any comments on this?

Websites are running on IIS10 web server on Win 2016 OS with TLS 1.0, 1.1 and 1.2 enabled.

Any suggestions? What I am missing here?
Last edited by a moderator:
Top Bottom