kylegp
March 19, 2020, 9:21pm
1
Hi there,
I configured Invoice Ninja to use HTTPS, configured a self signed certificate and enabled it in Apache.
It works fine when I go to https://myserver and I just have to allow an exception since it’s a self signed certificate.
When I try to login via the Android app, it says:
CERTIFICATE_VERIFY_FAILED: self Signed certificate (handshake: cc:354).
So how can I allow signing in via the Android app with a self signed certificate?
App was logging in to my self host just fine prior to using SSL.
hillel
March 19, 2020, 9:56pm
2
kylegp
March 20, 2020, 4:16am
3
Thanks Hillel, I changed to a letsencrypt cert and am able to login fine via the Android app now.
hillel
March 21, 2020, 6:37am
4
Awesome, glad to hear it!
Hi,
I have the same issue; however, I am using a local CA cert, not a self-signed one, and the root CA I have is added to the trusted authorities on my phone.
Other apps hosted on the same server are working fine with no issues, and I don’t have the option to use letsencrypt as this is not a public domain.
Any idea how to get it working?
hillel
October 12, 2020, 6:30am
6
Hi,
I suggest using Let’s Encrypt instead
Hello,
I don’t have a public domain to use for a letsencrypt cert, so it is not an option as far as I know.
As I mentioned, this is an in-house CA cert and the root CA is trusted by the phone.
hillel
October 12, 2020, 3:04pm
8
Using Let’s Encrypt typically solves cert problems
Last updated: Dec 21, 2017. Sometimes people want to get a certificate for the hostname “localhost”, either for use in local development, or for distribution with a native application that needs to communicate with...
Hi,
Not sure which part of the article you sent should help me.
When I read the article it is not supported to issue a cert for localhost.
Similar to my situation, I am using the domain abc.loc, which is not a public domain.
hillel
October 12, 2020, 3:46pm
10
Sorry, I misread the article.
I’m not sure, I assume the problem is with the certificate. If you’re a developer it should be possible to build a custom version of the app which overrides the certificate check.
I am not, unfortunately. Which CA store does the app use to verify the certificate, though?
My certificate is signed by a CA that my phone trusts.
hillel
October 12, 2020, 4:54pm
12
I assume the app should use the phone’s default but I see many matches on Google when searching “CERTIFICATE_VERIFY_FAILED: self Signed certificate”
I have the Bitwarden application on the same phone, using the same certificate, and it is working fine after I installed the root CA on my phone.
Hopefully we can have someone who can look deeper at the code and help me to get this fixed.
hillel
October 13, 2020, 3:22am
14
I’m the main developer of the Android app…
I think the problem is that the programming language we’re using doesn’t support self signed certificates. I don’t have a solution for v4 but we’ll look into this for v5.
I can access Invoice Ninja using the web browser; the issue is with the Android mobile app.
Also, I can access the app perfectly using my mobile internet browser and it doesn’t complain about the certificate either, which means the browser recognized the root certificate I added to the phone.
Thanks for your answers anyway. I have disabled the auto forward to SSL for now and hopefully will get a working version at some point.
hillel
October 13, 2020, 3:51am
16
The problem is caused by the mobile app’s programming language. Dart uses a virtual machine which has its own root certificate; there are more details here:
opened 01:57PM - 29 Jan 16 UTC
closed 10:15PM - 23 Aug 18 UTC
area-library
library-io
I am behind an **_Iron Port firewall_** in the office, on Windows. Could be me, but I found and tried 'https_proxy' and 'http_proxy', and versions of the Dart SDK from 1.12 to 1.15.0 Dev today, including 1.12, 1.13, 1.14, and 1.15.0 Dev, from 1/28/2016 (latest.)
I am trying to run the Dart, Angular2, getting started. Only getting packages from pub.dartlang.org.
On 15.0.0 from Dev today, the error is **407, Proxy Authentication Required.**
The pub get trace logs are attached.
[pub-get-proxy.zip](https://github.com/dart-lang/sdk/files/109809/pub-get-proxy.zip)
If I set https_proxy, get the same issue, I can set both without or with my password to the Iron Port proxy address. like https_proxy=iport:80, https_proxy=crodier:password@iport:80. Also with and without http_proxy, which has no impact on Dev.
The interesting bits:
- npm works from behind the proxy, without any configuration
- Maven and other http fetching tools, are ok behind the proxy, without any configuration (usually)
- git has issues, not with git clone git protocol, but git https protocol
- Between my Windows machine and the Iron Port firewall, **_TLS 1.0_** is used.
- My guess: TLS 1.0 between me and the proxy is no longer supported by BoringSSL, or needs flags to be allowed.
- In our case, TLS 1.0 is only between my machine and the Iron Port, on a closed network, which is not great, but not in the wild
- The certificate used is the Iron Port certificate, for my organization, which has been given trust by root authorities.
- Windows 7 Professional
I reviewed the alternative, manually downloading the packages, but not being able to run pub get is a major deterrent.
While I could investigate with the networking team, I doubt this leads to any changes in the proxy setup in my organization. It is also difficult to justify that investigation, with other tools working ok, and the proxy generally working, and being a vendor (Iron Port) firewall.
Dart looks to be an incredible platform, and I post in the hopes this is helpful. I also apologize, but I doubt I will be able to learn the code and work on the issue myself in the SDK etc. I can offer to re-test if there are changes to Dev. With guidance, I may be able to work on the SDK issue itself.
Best regards,
Chris
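Added example, not part of the thread and not Invoice Ninja's code: a Dart program can keep certificate verification enabled and still accept an in-house CA by adding that root to a `dart:io` `SecurityContext`, rather than overriding the certificate check. The CA file path and server URL are supplied on the command line and are assumptions for illustration.

```dart
import 'dart:io';

/// Builds an HttpClient that trusts the platform roots plus one private CA.
/// `caPemBytes` is the PEM-encoded root certificate of the in-house CA.
HttpClient clientTrustingPrivateCa(List<int> caPemBytes) {
  final context = SecurityContext(withTrustedRoots: true);
  // Adds the private root as a trust anchor; verification stays enabled.
  context.setTrustedCertificatesBytes(caPemBytes);
  return HttpClient(context: context);
}

/// Performs a GET and returns the HTTP status code.
/// A HandshakeException here means the chain did not verify against
/// the trust anchors configured above.
Future<int> fetchStatus(HttpClient client, Uri url) async {
  try {
    final request = await client.getUrl(url);
    final response = await request.close();
    await response.drain<void>();
    return response.statusCode;
  } on HandshakeException catch (e) {
    stderr.writeln('TLS verification failed for $url: $e');
    rethrow;
  }
}

Future<void> main(List<String> args) async {
  // Hypothetical invocation: dart run trust_ca.dart <root-ca.pem> <https-url>
  if (args.length != 2) {
    stderr.writeln('usage: trust_ca.dart <root-ca.pem> <https-url>');
    exit(64);
  }
  final caPem = File(args[0]).readAsBytesSync();
  final client = clientTrustingPrivateCa(caPem);
  try {
    final status = await fetchStatus(client, Uri.parse(args[1]));
    print('TLS chain verified, HTTP status $status');
  } finally {
    client.close();
  }
}
```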
Thanks, this post is 4 years old, do we know when V5 is expected?
hillel
October 13, 2020, 5:40pm
18