Self hosted passbolt - Adding to mobile app - SSL error 14094416

When adding my self-hosted passbolt with QR code in the app, the docker logs report “*74 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking”.

I use a star certificate signed by a trusted party. We use the same cert for our business homepage and many other online services with no problem, we host websites for a large corporation with 60 000 employees with no problem with the same STAR cert, so this is strange.

I have added the root and intermediate cert in the STAR crt file as well, but still getting the error.

Any tips to fix this issue? I am pretty sure the cert is ok, although the error says otherwise… :slight_smile:

Hi @theck1

You haven’t provided any details about your mobile device. Android or iOS?

The error is known for NGINX.

Troubleshooting would include

  • Passbolt Help | Troubleshoot SSL
  • making sure docker nginx is using your cert
  • restarting nginx service after cert install
  • is CA for cert in docker /etc/ssl/certs
  • is there a reverse proxy serving a different cert

If you haven’t already seen this, the error is known, nginx - SSL handshaking fails - Stack Overflow

Don’t miss the answer linked in the comments of the OP.

Thanks Garret.

I figured it out! Had to add all the intermediate certificates in the cert file provided from CA, in order for Android to trust the chain completely. I guess Android has higher chain trust demands (TLS 1.3?) than others or something in that manner.

Anyways, issue is resolved :slight_smile: :smiley:


I think it’s the NGINX config which requires the protocol level, but the cert setup could not facilitate that.