Upgrade to Passbolt 3.5 from 2.13.5, Centos7 with Apache

Hi, I have an instance with passbolt in version 2.13.5 and we need to update to the latest stable version 3.5.0. The application runs on a Centos7 and Apache web server instead of nginx.

What considerations should I take into account when upgrading? I have doubts about whether the installation was done by script or the installation package.

I thank you in advance for any suggestion.

Hi @widoc93 :wave:

With 2.13.5 version, your passbolt on CentOS is installed from sources. RPM package is available since only few weeks, with 3.4.0 version.

Before upgrading, ensure you have working backups you are able to restore in case of problems.

Then you can migrate to the CentOS 7 package following this documentation but it will configure nginx web server: Passbolt Help | Migrate passbolt CE from install scripts to CentOS 7 package

If you still want to keep the installation from source, you can follow this guide (you will maybe have to upgrade your php version too): Passbolt Help | Update passbolt source install

With package installation on 3.5.0, JWT keys are automatically created for mobile app. With the from-sources installation, you will have to create them, following this documentation: Passbolt Help | How to generate JWT key pair manually

With apache, there is also a known issue with mobile app. Authorization header are ignored if not base64 encoded and you will have to add this rule:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Best,

1 Like

Hi, @_jc
I have migrated to version 3.5.0 and it works correctly through the web browser, however when trying to configure it in the mobile application, it generates the following error when scanning the QR code:

failed to update user profile: Authentication is required to continue

I have executed the Passbolt Healthcheck on the passbolt server and it only gives me the following warnings and errors in the SSL section, could it have anything to do with this problem?

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) Peer’s Certificate issuer is not recognized.

Hi @widoc93 ,

Can you send your mobile app debug logs => Passbolt Help | iOS / Android Mobile FAQ ?

It seems your passbolt domain does not match the domain set in your SSL certificate and it can be the problem. This point of the mobile FAQ explain how to check if certificate matches your passbolt domain name.

Best regards,