I am intermittently getting an "untrusted certificate" error when making SSL connections. I only ever connect to one host, and it works sometimes and not others. I can't see any pattern.

I am making an SSL connection using CSecureSocket. I am using Series 60 v3 only. The SSL connection is to my own site. I have generated my own CA cert and installed that on the phone.

I used to have no problems at all with this, but I had a customer who's phone gave KErrSSLAlertIllegalParameter (-7547) at the handshake stage. I discovered this: KIS000322_-_Secure_sockets_need_additional_configuration_on_S60_3rd_Edition and implemented it.

After the change, my SSL connections seem to work as they should, though it is now more "fussy" about connecting. If I connect to my server using the wrong domain (e.g. if I connect to my.server.com:443, but the cert applies to myssl.server.com:443) then I get an "untrusted certificate" pop up dialog. If I connect to the right domain, then I don't get the dialog.

So, I should be happy right? It all seems to work?

Wrong.

Every now and again - it seems to happen soon after installing my application and within the first 5 or 6 SSL connections - I get an "untrusted certificate" dialog pop up. I only connect to a single host. The domain name matches. If I hit "back" (to say don't accept the certificate) then when my code next tries a connection it works.