How can certificate path errors on podcast downloads be fixed?

  • 1 Replies

0 Members and 1 Guest are viewing this topic.



  • First timers
  • *
  • 1
    • View Profile
Mobile device podcast apps recently failed on eLife and Genetics with a diagnostic:

     IO Error: Trust anchor for certification path not found

Exact wording varied, but download not being from a ‘trusted source’ is the key.  This also happened in the device browser.  Laptop browsers continued to work fine.

Many thanks to Chris Smith and UKFast technical Paul for “what’s changed” information.  Some podcasts have recently been rehosted to, which uses a different certificate authority.  Here are the steps taken to get things working again on a BlackBerry 10, but the issue is not unique to that device,

Google "Let's Encrypt Client Development › Browser coverage" to see a list

So the procedure is written generically, where possible using Windows laptop as starting point; details will vary on other platforms.  The workaround is to take the certificate from the laptop and move it to the device. 

1.      On the laptop, open the certificates manager, look for “DST Root CA X3”, and export it. 
a.      Control Panel -> Network and Internet -> Internet Options -> Content tab -> Certificates button -> Trusted Root Certification Authorities tab and scroll to “DST Root CA X3” entry under “Issued to” column.
b.      Export button and take the default prompts.  On Browse button, simply use DER on Desktop as destination. You should have a file “DER.cer” on your Desktop when done.

2.      Move the file to the device
a.      Many ways to accomplish; email or USB cable connecting the Device as a flash drive.  Instructions are for the latter.
b.      Connect the device to laptop via USB cable.
c.      On the laptop, open “My Computer” and the device should be under “Network Location”
d.      Double click and select a folder, such as “Downloads”
e.      Drag the desktop file DER.cer to the Downloads folder on the device
f.       Close the device folder and disconnect – not absolutely necessary, but good idea to break the connection cleanly

3.      Install the certificate and make sure it is “Trusted”
a.      These instructions very specific to BlackBerry 10
b.      Open the “File Manager” -> Downloads -> open DER.cer -> Upper right corner, press “Import” and “Certificate Imported” appears momentarily.  Close the File Manager.
c.      Open Settings -> Security and Privacy -> Certificates
d.      Select “Authorities”, scroll down to find “DST Root CA X3” and open it.  If you don’t see it, hit “Refresh” at bottom of window.
e.      Verify “Trusted” is checked, and do so if it is not. 
f.       Close “Settings”

4.      Test your application and browser.  Hopefully, both are working.
« Last Edit: 06/06/2016 08:50:05 by chris »


Offline chris

  • Neilep Level Member
  • ******
  • 5424
  • The Naked Scientist
    • View Profile
    • The Naked Scientists
Thanks Brad! Great tutorial
I never forget a face, but in your case I'll make an exception - Groucho Marx