Error when configuring ios app

Hi everyone, i’m getting an error while i try to set my passbolt ios phone.
I have followed this two guide
Debian/Ubuntu manual HTTPS configuration and How can I import an SSL certificate on mobile application? but i’m getting the following error:

Device: iPhone
OS: 17.4.1
App: 1.17.4
[2024-04-07 12:46:34] Initializing the app...
[2024-04-07 12:46:34] initialization completed!
[2024-04-07 12:46:34] Verifying data integrity...
[2024-04-07 12:46:34] integrity verification finished
[2024-04-07 12:46:34] [34B8AEBA-47A1-4ACB-92B9-200CE4CD90C2] HTTP GET /lookup
[2024-04-07 12:46:34] [34B8AEBA-47A1-4ACB-92B9-200CE4CD90C2] HTTP 200 /lookup
[2024-04-07 12:46:36] Beginning new account transfer...
[2024-04-07 12:46:36] Beginning importing account kit...
[2024-04-07 12:46:37] Processing QR code payload...
[2024-04-07 12:46:37] ...processing succeeded, continuing transfer...
[2024-04-07 12:46:37] [D97375F7-8FAB-4384-9B7B-18A0358C811D] HTTP POST /mobile/transfers/400af205-3b0d-4957-85c7-a67b82f63b16/754c7013-524f-4779-9c34-9f0d7b58a7e6.json
[2024-04-07 12:46:37] [D97375F7-8FAB-4384-9B7B-18A0358C811D] ServerCertificateInvalid
•ServerCertificateInvalid - Untrusted certificate OSFeatures/NetworkRequestExecutor.swift:345
[2024-04-07 12:46:37] ⚠️ ServerCertificateInvalid
•ServerCertificateInvalid - Untrusted certificate OSFeatures/NetworkRequestExecutor.swift:345
[2024-04-07 12:46:39] Beginning importing account kit...

passbolt version (4.6.1)
I’m usign passbolt on a local server, so i need to use it only when i’m at home.
There is something that i could do?

Hello @cicciobat!

According to the errors logged, it seems that your iOS doesn’t trust your server certificate.
Did you follow the “How can I import an SSL certificate” procedure entirely without any troubles?

Hi, i confirm that i followed the guide without any errors.

Okay, that’s surprising a bit. The error message is quite clear on the reason why it can’t reach the server.

Do you know if your passbolt server SSL certificate has any “wrong” values like:

  • the certificate is expired as the validity period has been reached
  • the certificate CN is different than your instance domain name

Certificate is not expired, i’m using passbolt on my local, so the common name is the server IP, no?

I’m not sure how iOS react with certificates on IP addresses.
I think it should be ok though if the IP in the certificate matches the server IP and from your mobile phone you are using that IP address as well.

Do you have any proxy or reverse proxy in between, does the server certificate change at each startup maybe?

No, i haven’t any middle solution like a proxy, the connection is direct to the passbolt server.
Is very strange