boundstories.net issues with Samsung tablets

[teanndaorsa]

A couple of people have highlighted an issue to me today with boundstories.net (but not the other Plaza sites). Both are using Samsung tablets, and are getting "ERR_CERT_AUTHORITY_INVALID" messages. The site security certificates appear to be fine, I've inspected them directly; we don't manage them anyway, CloudFlare handles them and their renewal automatically and the problem is almost certainly not with that system.

Best advice I can give for people on those tablets is to either update the Samsung Internet Browser, if possible, or to use other browsers like Firefox or Edge which don't appear to be affected.

For what it's worth, the technical specifics: boundstories.net has the Google Trust Services - GTS Root R4 certificate as its signing authority, the other sites use Google Trust Services - GTS Root R1. Both R1 and R4 certificates have been around for a long while, but there may be some reason why the Samsung browser doesn't like the R4 certificate. The CloudFlare forums are already aware of this but fundamentally it's probably a bug in some older software.

[taurired]

Strange.
I checked boundstories.net on Samsung Galaxy Tab Active 3 (with latest update 20 march 2023, One UI 5.1, Android 13, Google Play System Update 1 april 2023) in Samsung's Internet browser and it opens without issues.

[teanndaorsa]

Thanks for checking! One user who gave me a version number of 17.0.7.34 which is from July last year, but that's a security release (20.x.y.z is the latest major version) so it's entirely possible it's something only affecting users stuck on older major versions, even if they've updated them relatively recently.