Can't use mobile app

Tried many times, but sorry, not working at all. On iPhone, it says the Server was not reachable (the same url works in mobile browser). On Android says AIM the camera at the QR Code, then Scaning QR code and Something went wrong. I used a self-signed cert with private domain name. Then I changed to FQDN with Let’s Encrypt certs and no luck. Same errors. QR reader shows correct url with some another hashes.

Hi @tlamik ,

Did you tried our latest releases ? Did you followed this guide from Apple to add self-signed certificates ?

Thanks,

Hi, Yes I am on lastest releases. As I wrote I used self-signed certificate, which was not working and then I change to FQDN with Let’s Encrypt certificate, which should be OK on Adnroid, but it is not working.

Today I updated Android app and turn on debug logs and I saw some SSL anchor errors, so I made some changes to my apache conf and now I am able to scan QR and login to my passbolt server, but immediately after login, I get Something went wrong error and debug logs:
20:19:16 Checking biometry state
20:19:16 β†’ GET https://passbolt.mydomain.org/avatars/view/79660ac3-003a-4405-aca7-915c33f4aae6/medium.jpg http/1.1
20:19:16 ← 200 OK https://passbolt.mydomain.org/avatars/view/79660ac3-003a-4405-aca7-915c33f4aae6/medium.jpg (89ms, unknown-length body)
20:19:29 Getting server pgp and rsa keys
20:19:29 β†’ GET https://passbolt.mydomain.org/auth/verify.json http/1.1
20:19:29 ← 200 OK https://passbolt.mydomain.org/auth/verify.json (173ms, unknown-length body)
20:19:29 β†’ GET https://passbolt.mydomain.org/auth/jwt/rsa.json http/1.1
20:19:29 ← 200 OK https://passbolt.mydomain.org/auth/jwt/rsa.json (114ms, unknown-length body)
20:19:29 Getting server pgp and rsa keys succeeded
20:19:29 Verifying server fingerprint
20:19:29 Server key fingerprint is valid
20:19:29 Preparing sign in challenge
20:19:30 Prepared sign in challenge
20:19:30 Signing in
20:19:30 β†’ POST https://passbolt.mydomain.org/auth/jwt/login.json http/1.1 (1270-byte body)
20:19:30 ← 200 OK https://passbolt.mydomain.org/auth/jwt/login.json (369ms, unknown-length body)
20:19:30 Sign in success
20:19:30 Decrypting challenge.
20:19:30 Challenge decrypted successfully
20:19:30 Verifying challenge
20:19:31 Challenge verified with success
20:19:31 Checking MFA status
20:19:31 MFA not required
20:19:31 Authentication success
20:19:31 Passphrase cache cleared
20:19:31 Passphrase cached
20:19:31 Fetching feature flags
20:19:31 β†’ GET https://passbolt.mydomain.org/settings.json http/1.1
20:19:31 ← 200 OK https://passbolt.mydomain.org/settings.json (186ms, unknown-length body)
20:19:31 Feature flags fetched
20:19:35 [Session] Attaching base networking presenter for HomeFragment{dd3d7ad} (e3528c76-3541-4182-b70b-ac41b09ecc0a id=0x7f0a010b)
20:19:35 [Session] Listening for new session events
20:19:36 β†’ GET https://passbolt.mydomain.org/avatars/view/79660ac3-003a-4405-aca7-915c33f4aae6/medium.jpg http/1.1
20:19:36 ← HTTP FAILED: java.net.SocketException: Broken pipe
20:19:36 β†’ GET https://passbolt.mydomain.org/avatars/view/79660ac3-003a-4405-aca7-915c33f4aae6/medium.jpg http/1.1
20:19:36 β†’ GET https://passbolt.mydomain.org/resources.json?contain[permission]=1 http/1.1
20:19:36 ← 200 OK https://passbolt.mydomain.org/avatars/view/79660ac3-003a-4405-aca7-915c33f4aae6/medium.jpg (143ms, unknown-length body)
20:19:36 ← 401 Unauthorized https://passbolt.mydomain.org/resources.json?contain[permission]=1 (108ms, unknown-length body)
20:19:36 retrofit2.HttpException: HTTP 401 Unauthorized
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)

retrofit2.HttpException: HTTP 401 Unauthorized
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
20:19:36 Authenticated operation runner com.passbolt.mobile.android.feature.authentication.session.AuthenticatedOperationRunner@f7e9543 waits for auth refresh
Trying to refresh session in background
20:19:36 β†’ POST https://passbolt.mydomain.org/auth/jwt/refresh.json http/1.1 (105-byte body)
20:19:36 ← 200 OK https://passbolt.mydomain.org/auth/jwt/refresh.json (133ms, unknown-length body)
20:19:36 Background session refresh succeeded
20:19:36 Authenticated operation runner com.passbolt.mobile.android.feature.authentication.session.AuthenticatedOperationRunner@f7e9543 restarts initial operation
20:19:37 β†’ GET https://passbolt.mydomain.org/resources.json?contain[permission]=1 http/1.1
20:19:37 ← 401 Unauthorized https://passbolt.mydomain.org/resources.json?contain[permission]=1 (114ms, unknown-length body)
20:19:37 retrofit2.HttpException: HTTP 401 Unauthorized
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)

retrofit2.HttpException: HTTP 401 Unauthorized
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
20:19:38 [Session] Detaching base networking presenter for HomeFragment{dd3d7ad} (e3528c76-3541-4182-b70b-ac41b09ecc0a id=0x7f0a010b)

We published this FAQ: Passbolt Help | Troubleshoot SSL

can you have a look just to eliminate any potential issue linked to your certificate

Thanks,
Max

Another though,

Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Cf Authentication Β· tymondesigns/jwt-auth Wiki Β· GitHub

Cheers,

1 Like