Scan qr app android passbolt not working

LuisSalmeronPerez · January 11, 2024, 10:57am

Checklist
[ X] I have read intro post: About the Installation Issues category
[ X] I have read the tutorials, help and searched for similar issues
[X ] I provide relevant information about my server (component names and versions, etc.)
[X ] I provide a copy of my logs and healthcheck
[X ] I describe the steps I have taken to trouble shoot the problem
[X ] I describe the steps on how to reproduce the issue

Hi to everyone!

I’am new for here.

We have a passbolt installation on DEBIAN 12 on an AWS instance.

It is correctly protected with a Wildcard certificate.

Everything works correctly except the mobile APP. We can’t get it to work.

The only way that works for us is by creating the certificate using letsencrypt but we want to use the Wildcard certificate.

The error occurs when scanning the QR in the Android APP.

Logs

9:02:22 App went background
9:02:22 Passphrase cache cleared
9:02:37 File logging tree planted
9:03:12 javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
at okhttp3.internal.connection.RealConnection.connectTls(SourceFile:379)
at okhttp3.internal.connection.RealConnection.establishProtocol(SourceFile:337)
at okhttp3.internal.connection.RealConnection.connect(SourceFile:209)
at okhttp3.internal.connection.ExchangeFinder.findConnection(SourceFile:226)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(SourceFile:106)
at okhttp3.internal.connection.ExchangeFinder.find(SourceFile:74)
at okhttp3.internal.connection.RealCall.initExchange$okhttp(SourceFile:255)
at okhttp3.internal.connection.ConnectInterceptor.intercept(SourceFile:32)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.cache.CacheInterceptor.intercept(SourceFile:95)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.http.BridgeInterceptor.intercept(SourceFile:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(SourceFile:76)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.CookiesInterceptor$AddCookiesInterceptor.intercept(SourceFile:57)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.CookiesInterceptor$ReceivedCookiesInterceptor.intercept(SourceFile:38)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.AuthInterceptor.intercept(SourceFile:22)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.ChangeableBaseUrlInterceptor.intercept(SourceFile:40)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(SourceFile:201)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:517)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
… 35 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
… 48 more

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
at okhttp3.internal.connection.RealConnection.connectTls(SourceFile:379)
at okhttp3.internal.connection.RealConnection.establishProtocol(SourceFile:337)
at okhttp3.internal.connection.RealConnection.connect(SourceFile:209)
at okhttp3.internal.connection.ExchangeFinder.findConnection(SourceFile:226)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(SourceFile:106)
at okhttp3.internal.connection.ExchangeFinder.find(SourceFile:74)
at okhttp3.internal.connection.RealCall.initExchange$okhttp(SourceFile:255)
at okhttp3.internal.connection.ConnectInterceptor.intercept(SourceFile:32)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.cache.CacheInterceptor.intercept(SourceFile:95)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.http.BridgeInterceptor.intercept(SourceFile:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(SourceFile:76)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.CookiesInterceptor$AddCookiesInterceptor.intercept(SourceFile:57)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.CookiesInterceptor$ReceivedCookiesInterceptor.intercept(SourceFile:38)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.AuthInterceptor.intercept(SourceFile:22)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.ChangeableBaseUrlInterceptor.intercept(SourceFile:40)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(SourceFile:201)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:517)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
… 35 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
… 48 more
9:03:12 There was an error during transfer update
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
at okhttp3.internal.connection.RealConnection.connectTls(SourceFile:379)
at okhttp3.internal.connection.RealConnection.establishProtocol(SourceFile:337)
at okhttp3.internal.connection.RealConnection.connect(SourceFile:209)
at okhttp3.internal.connection.ExchangeFinder.findConnection(SourceFile:226)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(SourceFile:106)
at okhttp3.internal.connection.ExchangeFinder.find(SourceFile:74)
at okhttp3.internal.connection.RealCall.initExchange$okhttp(SourceFile:255)
at okhttp3.internal.connection.ConnectInterceptor.intercept(SourceFile:32)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.cache.CacheInterceptor.intercept(SourceFile:95)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.http.BridgeInterceptor.intercept(SourceFile:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(SourceFile:76)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.CookiesInterceptor$AddCookiesInterceptor.intercept(SourceFile:57)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.CookiesInterceptor$ReceivedCookiesInterceptor.intercept(SourceFile:38)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.AuthInterceptor.intercept(SourceFile:22)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at com.passbolt.mobile.android.core.networking.interceptor.ChangeableBaseUrlInterceptor.intercept(SourceFile:40)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(SourceFile:201)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:517)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
… 35 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
… 48 more

We have tried installing the .pem certificate on the mobile.

We have tested on different phones.

We have tried adding the account manually.

Everything works except this.

What can we modify or change?

Thank you in advance

mmichalek · January 11, 2024, 6:44pm

Hello, from the exception message it definitely looks like the system cannot validate the SSL chain for some reason.

We have tried installing the .pem certificate on the mobile.

Did you import the certificate into the Android device like described here (Install as CA certificate?): Passbolt Help | How to import SSL certificate on mobile application? (The app needs to be force-closed and restored after installing)

LuisSalmeronPerez · January 18, 2024, 2:02pm

Hi!

Yes, i follow this guide but doesn’t work.

We must keep in mind that we are using a wildcard certificate, I don’t know if in that case anything changes when the certificate is imported.

Regards