Hi,
I have a passbolt docker installation. I used self-signed certificate. The web-browser detect my certificate is valid and i configure the IOS app without problems. But when i try to configure windows app after i write the passphrase , the app is close. Do you know whats the problem?
Thank you
G’day cheperun.
Your self-signed Root Authority certificate needs to be imported into the Windows Trusted Root Certification Authorities Store.
I use a script to generate a bunch of TLS (x.509) certificates for my demo repo.
https://github.com/gyaresu/gareth-passbolt/blob/main/scripts/generate-certificates.sh
-rw-r--r--@ 1 gareth staff 2904 13 Oct 15:33 passbolt-chain.crt
-rw-r--r--@ 1 gareth staff 1489 13 Oct 15:33 passbolt.crt
-rw-r--r--@ 1 gareth staff 1127 13 Oct 15:33 passbolt.csr
-rw-------@ 1 gareth staff 1704 13 Oct 15:33 passbolt.key
<snip>
-rw-r--r--@ 1 gareth staff 1415 13 Oct 15:33 rootCA.crt
-rw-------@ 1 gareth staff 1708 13 Oct 15:33 rootCA.key
-rw-r--r--@ 1 gareth staff 41 13 Oct 15:33 rootCA.srl
it’s the rootCA.crt file that you can then import into the certificate manager in windows.
Your passbolt server is using a self signed certificate based off the rootCA.key and the rootCA.crt is the public key that proves your server is signed by the key you’re trusting.
When you import the account-kit.passbolt after trusting the root Certificate Authority (rootCA) you should find that it’s working now over TLS.
Let me know if you need more advice.
Cheers
Gareth
Hi Gareth,
Thanks for your reply. I try to create a self signed with your script but i have the same error. In my browser the certificate is validate in my iPhone too but in my windows app it’s close automatically. I import rootCA.crt into certificate manager. Do you know what happens or where passbolt save the logs?
Thanks,
Sergio
G’day cheprun.
The passbolt windows app releases page has a Debug version with each release (2.4.0.0 at the moment)
https://github.com/passbolt/passbolt-windows/releases
Debug setup instructions:
https://github.com/passbolt/passbolt-windows?tab=readme-ov-file#debug-version-alternative
You will also need to remove your current Passbolt credentials from Credential Manager.
I will say however that I’m 99% convinced the issue is with the certificates and trusting your self-signed cert.
If you have a self signed cert I would make sure that the keys are the right one’s as files, and also that your server is issuing the correct one.
You can check certs with commands like:
# cert info
openssl x509 -in rootCA.crt -text -noout
openssl rsa -in rootCA.key -check -noout
# check live cert
openssl s_client -connect passbolt..example.com:443 -showcerts
# check cert against CA
openssl verify -CAfile rootCA.crt passbolt.crt
# importing into windows store
## powershell
Import-Certificate -FilePath "C:\path\to\rootCA.crt" -CertStoreLocation Cert:\LocalMachine\Root
## shell
certutil.exe -addstore -f "Root" "C:\path\to\rootCA.crt"
Good luck mate. Here if you have questions.
Gareth
Hi Gareth,
After many attempts i couldn’t install windows app. I create the rootca.crt with your script. I imported in web browser and my iPhone and it’s working fine, but windows app crash(not show any messages, in your case you can see a message error, in my case app close) . I import this certificate to local machine→ root certificate authority but not working.
I think i’m going to use mobile app or web browser.
Thank you for your help,
Hello @cheperun
When you say the app crash, if I understand well, it doesn’t show a blank page but totally disappear instead right?
Were you able to proceed with the import of the account kit?
Hi ,
After import account kit, the first time want to introduce the passphrase, after introducing it the app dissapear at the moment. i open the task manager if i can see the process but it isn’t.
Thanks,
