EVE Technology Lab

Simplest thing to do is find a way to include the needed certificate yourself.

On the mod for phpBB I've been coding for the last years, I had somewhat similar problems.
I'm using cURL (as a PHP extension) which requires a valid certificate to gather data over SSL connections.
Some providers seem not to have installed them, or at least not correctly.
After a few hours of searching, I managed to find a workaround which allows me to use the certificate I'm supplying with the package, after having it extracted from Firefox.

I'm not sure why you would be saying that Android doesn't allow the installation of CA certificates, since the first hit on Google when searching for Android install CA certificate redirects me towards the official Android support wiki, explaining in detail on how to manually install any certificate.
http://support.google.com/android/bin/answer.py?hl=en&answer=1649774

Question is whether or not that can be automated using Aura's installer.


As to why Chrome uses a different set of certificates, we can only guess, where the following seems to be most likely.
Knowing that Chrome (for Android) is a seperate browser and does have nothing to do with the default build-in browser, I can only assume that Google was running into the same problems as you are having; Outdated Android having outdated list of certificates, due to phone vendors customizing Android (which takes time) to make their phones unique (which takes time) and thus not using the time to update the phone's Android version every time a new version is released. After a while new phones are introduced and old phone support (read: Android customization and updating) stops, silently encouraging you to buy a new phone.
After having the big problems with SSL vendors (CA's) being hacked (DigiNotar, July 2011) and thus providing very dangerous and unsecure certificates, I can only assume Google choose to use a different set of certificates in Chrome, knowing that it's a seperate application that can be easily updated by the Google Market (now known as Play Store) without having to worry about backwards compatibility on older Android versions.
When certificates are being added (which doesn't happen alot) or certificates being revoked (kinda rare too) you can just release a new version of Chrome (for Android) without having to worry about the complications of having to add / remove the certificate from Android itself.

But its just older phones.

Sorry to say, but not verifying any certificate is just stupid. Specially on phones (and some tablets), where most internet connections are being made with 3g (except for WiFi when at home/work), and as we all know those providers are now using DPI (http://en.wikipedia.org/wiki/Deep_packet_inspection).
Now that we (as devs) are forced to use SSL, we might aswell implement it correctly, with verification.

And CCP will not change the certificate per se, since they rent the certificate from RapidSSL, whom in turns rents a license for being a CA from GeoTrust. The only thing they can change is the CA vendor, and that will only require importing another certificate into the user's old Android phone.

Another thing that should be noted is that every program can use any certificate that's installed on Android, meaning that you only have to install the certificate once for all programs to use.

Also, try not to blame these certificate issues on CCP. Even though I agree that the change was sudden, in my opinion without any heads-up, the core of the problem lies with Android.
http://code.google.com/p/android/issues/detail?id=10807

love to see a fix, your app is pritty much indispensable... keep it up

No it isn't, but SSL is.
Since we are forced to use SSL and implementation of certificates (with verification!!) is easy and fast to do, why not make use of it?