Error when configuring ios app

cicciobat · April 7, 2024, 1:02pm

Hi everyone, i’m getting an error while i try to set my passbolt ios phone.
I have followed this two guide
Debian/Ubuntu manual HTTPS configuration and How can I import an SSL certificate on mobile application? but i’m getting the following error:

Passbolt:
Device: iPhone
OS: 17.4.1
App: 1.17.4
----------
[2024-04-07 12:46:34] Initializing the app...
[2024-04-07 12:46:34] ...app initialization completed!
[2024-04-07 12:46:34] Verifying data integrity...
[2024-04-07 12:46:34] ...data integrity verification finished
[2024-04-07 12:46:34] [34B8AEBA-47A1-4ACB-92B9-200CE4CD90C2] HTTP GET /lookup
[2024-04-07 12:46:34] [34B8AEBA-47A1-4ACB-92B9-200CE4CD90C2] HTTP 200 /lookup
[2024-04-07 12:46:36] Beginning new account transfer...
[2024-04-07 12:46:36] Beginning importing account kit...
[2024-04-07 12:46:37] Processing QR code payload...
[2024-04-07 12:46:37] ...processing succeeded, continuing transfer...
[2024-04-07 12:46:37] [D97375F7-8FAB-4384-9B7B-18A0358C811D] HTTP POST /mobile/transfers/400af205-3b0d-4957-85c7-a67b82f63b16/754c7013-524f-4779-9c34-9f0d7b58a7e6.json
[2024-04-07 12:46:37] [D97375F7-8FAB-4384-9B7B-18A0358C811D] ServerCertificateInvalid
DiagnosticsContext:
•ServerCertificateInvalid - Untrusted certificate OSFeatures/NetworkRequestExecutor.swift:345
[2024-04-07 12:46:37] ⚠️ ServerCertificateInvalid
DiagnosticsContext:
•ServerCertificateInvalid - Untrusted certificate OSFeatures/NetworkRequestExecutor.swift:345
[2024-04-07 12:46:39] Beginning importing account kit...

passbolt version (4.6.1)
I’m usign passbolt on a local server, so i need to use it only when i’m at home.
There is something that i could do?

Steph · May 17, 2024, 7:57am

Hello @cicciobat!

According to the errors logged, it seems that your iOS doesn’t trust your server certificate.
Did you follow the “How can I import an SSL certificate” procedure entirely without any troubles?

cicciobat · May 17, 2024, 2:54pm

Hi, i confirm that i followed the guide without any errors.

Steph · May 17, 2024, 3:00pm

Okay, that’s surprising a bit. The error message is quite clear on the reason why it can’t reach the server.

Do you know if your passbolt server SSL certificate has any “wrong” values like:

the certificate is expired as the validity period has been reached
the certificate CN is different than your instance domain name

cicciobat · May 17, 2024, 3:04pm

Certificate is not expired, i’m using passbolt on my local, so the common name is the server IP, no?

Steph · May 17, 2024, 3:13pm

I’m not sure how iOS react with certificates on IP addresses.
I think it should be ok though if the IP in the certificate matches the server IP and from your mobile phone you are using that IP address as well.

Do you have any proxy or reverse proxy in between, does the server certificate change at each startup maybe?

cicciobat · May 17, 2024, 4:08pm

No, i haven’t any middle solution like a proxy, the connection is direct to the passbolt server.
Is very strange