Error scanning a QR code on Android

AnatomicJC · June 30, 2022, 6:56am

Hi,

When you generate your certificates with this command:

openssl req -x509 \
    -newkey rsa:4096 \
    -days 120 \
    -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \
    -nodes \
    -addext "subjectAltName = DNS:passbolt.domain.tld" \
    -keyout key.pem \
    -out cert.pem

You get 2 files:

key,pem
cert,pem

The generated cert.pem file is the certificate you want to be added in Android.

I noticed you are using an IP address instead of a domain name. As written in our documentation:

You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in subjectAltName.

So in case of an IP address, the correct command is:

openssl req -x509 \
    -newkey rsa:4096 \
    -days 3650 \
    -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=192.168.1.138/" \
    -nodes \
    -addext "subjectAltName = IP:192.168.1.138" \
    -keyout key.pem \
    -out cert.pem

Best,