'Can't get a secure connection' error on Confluence Data Center and Server mobile app

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

The Confluence Data Center and Server mobile app throws the following error when a user tries to connect it to an existing Confluence server site:

Can't get a secure connection

Either there's a problem with your site's certificate, or you need to install the certificate on your device. 

or

Can't get a secure connection

Either you're not using HTTPS, there's a problem with your site's certificate, or it's not trusted by this device. 

Cause

The errors above appear when you've entered a HTTPS address, but the app can't get a HTTPS connection to your site. 

This may be because:

  • your certificate is self signed.
  • the Certificate Authority (CA) is unknown, or is not one that Android / iOS trusts by default  (for example it might be a new CA that is not yet trusted, or a private CA).
  • your certificate is missing an intermediate CA, affecting the certificate chain.
  • your site has HTTPS enabled, but your proxy is not configured to allow TLS 1.2 traffic.
  • you are using an earlier version of the Confluence Data Center and Server mobile app that did not allow HTTP connections.
  • you're accessing the app on an iOS device and your certificate does not meet Apple's certificate requirements.
  • you are connecting to a version of Confluence Server that does not support the mobile app (6.7.x or earlier). 

Resolution

tip/resting Created with Sketch.

Not an admin? Send this page to your Confluence administrator and ask them to look into the problem for you.

The resolution will depend on the cause of your problem. 

HTTPS

HTTP connections were not supported on earlier versions of the Confluence Data Center and Server mobile app.  If you want to log in to a site that uses HTTP, you'll need to use the following versions of the app:

  • Android app 0.1.40 or later. 
  • iOS app 1.1.0 or later.

Although you can log in with HTTP, in most circumstances we would recommend enabling HTTPS on your Confluence site. 

Tell me how to do this...

There are two main ways you can do this:

To prevent disruptions to your site, we recommend testing these changes in a staging environment first. 

Certificate issues

If your site uses a self-signed certificate, rather than one from a recognised Certificate Authority, you'll need to install the certificate on your device, in order to log in.  Be careful, and always check with your administrator or IT team to make sure you're obtaining the certificate from the right place.

Some browsers will warn you that a site's certificate is self-signed, or from an unknown Certificate Authority, but still allow you to view the site. Even if you've done this, and are able to view the site on your browser, you'll still need to install the certificate in order to log into your site using the app.

Manually install your certificate on an iOS device

To install a certificate on your iPhone, iPad or other iOS device:

  1. Access the certificate on your device (for example, download it from a location provided by your admin, or open it from an email). 
  2. The Install Profile screen will appear. Check the certificate details are correct (1) then tap Install (2). 



  3. A warning will appear. Tap Install again.
  4. The certificate will be shown as Verified on the Profiles and Device Management screen. 
  5. On your device go to Settings > General > About > Certificate Trust Settings
  6. Your new certificate will be listed. Tap to enable it (1). 
     

     
  7. You should now be able to log in to your Confluence site using the Confluence Data Center and Server app. 

These instructions are for iOS 11. Your version may differ. See https://support.apple.com/en-au/HT204477 for more information. 

Manually install your certificate on an Android device

To install a certificate on your Android phone or tablet:

  1. Access the certificate on your device (for example, download it from a location provided by your admin, or open it from an email).
  2. When prompted, name the certificate (1). 



  3. Follow the prompts to install the certificate (2). 
  4. You can verify that the certificate has been installed at Settings > Security > Trusted Credentials > User (1).

These instructions are for Android 7.0.  Your version, or device's implementation, might differ. See https://support.google.com/nexus/answer/2844832?hl=en for more information. 

If you're still unable to connect after installing the certificate on your device, ask your admin to check that the following extension is declared in the certificate file:

X509v3 extensions:
  X509v3 Basic Constraints:
    CA:TRUE

Other certificate problems

If you are using a certificate from a Trusted Authority, you'll need to investigate why your certificate is not trusted by the device, as there may be an issue in the certificate chain. 

The Security and SSL page in the Android developer documentation provides a more detailed explanation of the common problems encountered when verifying certificates.  You can also check the Lists of available trusted root certificates in iOS, for the list of trusted root certificates preinstalled with iOS.  

Apple also introduced additional security requirements in iOS 13. If people in your team will be using the app on an iOS device, your certificate will need to meet these requirements.  See Requirements for trusted certificates in iOS 13

TLS protocol

If you're using HTTPS, your proxy must allow TLS 1.2 traffic. This is an iOS requirement that we've chosen to implement for both the iOS and Android apps to prevent confusion (for example where one device can log in, and another cannot).

Many proxies allow TLS 1.2 by default, but some may require you to explicitly specify it in your proxy configuration.  Alternatively, if your current configuration is from a few years ago, it may not have been updated to specify TLS 1.2. 

For example, if you're using NGINX as your reverse proxy, make sure the listed SSL_protocols in your configuration include TLSv1.1 and TLSv1.2. See Running Confluence behind NGINX with SSL for an example configuration.  


Description

This page covers how to resolve the following scenario: The Confluence Data Center and Server mobile app throws the following error when a user tries to connect it to an existing Confluence server site: Can't get a secure connection.

ProductConfluence
Last modified on Jun 2, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.