i'm facing problem when implementing ssl to my web. My web work as web services for android and ios. All goes very smooth until i implement the SSL certificates, suddenly the android (most of android except samsung) throw this error :

E/ErrorHTTP: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

then i google and landed to here :

1. google says about the error
2. support the google statement
3. work around for the error to accept the not valid ssl

it says that mostly happened because of :

1. The CA that issued the server certificate was unknown

2. The server certificate wasn't signed by a CA, but was self signed

3. The server configuration is missing an intermediate CA

Those three options already ruled out, i already check with ssl checker. Its none of those above, it's not unknown, it's not self signed, we're using comodo and the intermediates and root certificates also valid, you can check here : ssl checker for my link, you can check it by yourself.

And now i'm stuck, the certificate is valid. The certificate also can open in samsung, but somehow fail in some other brand, for example xiao mi. I don't know where to look now, is it the :

1. the ssl configuration, i need to keep digging, even though it marked as valid in most validator.
2. make the android code more vulnerable, even some brand can access it, i mean is it because the brand or how ?.

The spec im using :

1. ASP .Net Core 2.0.

2. Kestrel.

3. Comodo certificates.

4. Native android.

Please help !, thank you.