Android Question Question about the SSL

[Alex_197]

Hi all.

I want to know if the SSL Geotrust TLS RSA CA G1 will work with the B4A and B4i applications? Currently I'm using Geotrust RSA 2018 but I was told that after 04/15/2026 this SSL won't be trusted anymore. I already had the issue when ordered the SSL that wasn't compatible with B4A - I'm using HttpJob from OkHTTPUril2 in B4A and iHHTPUtil2 in B4i.

Can you help with this?

Thank you.

 

[Erel]

It depends on the device installed root certificates, not on B4A.

 

[Alex_197]

It depends on the device installed root certificates, not on B4A.

Thank you for the reply. So it might work on one device and not on the other? Does it apply to the Android and iPhone?
Is there any workaround?

Thank you

 

[JohnC]

ChatGPT says...

What you were told is basically correct—but the key point is that this isn’t really a B4A/B4i issue or related to HttpJob itself.

B4A (OkHttp/OkHttpUtils2) and B4i both rely on the **underlying OS trust store**. So whether an SSL certificate works depends entirely on:

* The **certificate chain (root + intermediate)**
* Whether the **device’s OS trusts that chain**

### Why this becomes a problem

Older Android devices have a **fixed list of trusted root certificates**, and that list does **not get updated**.

At the same time, websites and cloud services:

* Regularly **renew/update their SSL certificates** (often yearly)
* Switch to **new certificate authorities or chains**
* Adopt **stronger security requirements**

When that happens, older devices may no longer recognize the certificate chain as valid.

### The result

On older Android versions (especially 4.x–5.x, and increasingly 6–7):

* SSL handshake failures
* HTTPS requests fail
* Connections to APIs/cloud services stop working

### About your specific case

* Your current certificate (**GeoTrust RSA 2018**) is being deprecated, so yes—after April 2026 it may no longer be trusted by newer systems.
* Moving to **GeoTrust TLS RSA CA G1** is the correct step for modern compatibility.

However:

* It will work fine on **newer Android and iOS devices**
* It may **not work on older Android devices**, because they may not trust the newer certificate chain

### Important takeaway

There is **no longer a single SSL certificate that works across all Android versions**.

So if something “doesn’t work with B4A,” it’s almost always:
An **outdated root certificate store on the device**, not your code or the library.

### What you should do

* Move to the newer certificate (GeoTrust TLS RSA CA G1 or equivalent)
* Test against your **minimum supported Android version**
* Decide whether supporting very old Android devices is still worth it

### Reality check

If you must support very old Android versions, your options are limited:

* Find a certificate chain that still supports legacy trust stores (getting rare)
* Implement a custom trust solution (not recommended for security reasons)

Bottom line:
This is an **Android OS limitation + evolving SSL standards**, not a B4A/B4i problem.

 

[Alex_197]

ChatGPT says...

What you were told is basically correct—but the key point is that this isn’t really a B4A/B4i issue or related to HttpJob itself.

B4A (OkHttp/OkHttpUtils2) and B4i both rely on the **underlying OS trust store**. So whether an SSL certificate works depends entirely on:

* The **certificate chain (root + intermediate)**
* Whether the **device’s OS trusts that chain**

### Why this becomes a problem

Older Android devices have a **fixed list of trusted root certificates**, and that list does **not get updated**.

At the same time, websites and cloud services:

* Regularly **renew/update their SSL certificates** (often yearly)
* Switch to **new certificate authorities or chains**
* Adopt **stronger security requirements**

When that happens, older devices may no longer recognize the certificate chain as valid.

### The result

On older Android versions (especially 4.x–5.x, and increasingly 6–7):

* SSL handshake failures
* HTTPS requests fail
* Connections to APIs/cloud services stop working

### About your specific case

* Your current certificate (**GeoTrust RSA 2018**) is being deprecated, so yes—after April 2026 it may no longer be trusted by newer systems.
* Moving to **GeoTrust TLS RSA CA G1** is the correct step for modern compatibility.

However:

* It will work fine on **newer Android and iOS devices**
* It may **not work on older Android devices**, because they may not trust the newer certificate chain

### Important takeaway

There is **no longer a single SSL certificate that works across all Android versions**.

So if something “doesn’t work with B4A,” it’s almost always:
An **outdated root certificate store on the device**, not your code or the library.

### What you should do

* Move to the newer certificate (GeoTrust TLS RSA CA G1 or equivalent)
* Test against your **minimum supported Android version**
* Decide whether supporting very old Android devices is still worth it

### Reality check

If you must support very old Android versions, your options are limited:

* Find a certificate chain that still supports legacy trust stores (getting rare)
* Implement a custom trust solution (not recommended for security reasons)

Bottom line:
This is an **Android OS limitation + evolving SSL standards**, not a B4A/B4i problem.

Thanks for your help.

Can you send me a link to this chat? You can put it here or DM me if you don't mind?

What about the iPhone? The oldest device I expected is iPhone 8 but I believe that my customers are up to date with their modern iPhones

 

[JohnC]

I simply generated the answer from your post, so just cut and paste both into a new conversation with your AI chatbot to ask follow-up questions.