Invalid SSL Certificate (after pasting .crt/.pem server certificate)

Question

Invalid SSL Certificate (after pasting .crt/.pem server certificate)

markymark501998 opened this issue 3 months ago · comments

markymark501998 commented 3 months ago

I followed the information laid out in #77 where somebody encountered the same "Invalid SSL Certificate" error message. I am using a self-signed CA, but have made sure to download the proper server certificate for what is exposing the web server.

I tried multiple methods:
1 - pasting .crt with -----BEGIN CERTIFICATE----- + contents + -----END CERTIFICATE-----
2 - pasting .crt without -----BEGIN CERTIFICATE----- + contents + -----END CERTIFICATE-----
3 - pasting line item 1 but trimming the line breaks

Any ideas what I could try next?

dreautall · Answer 1 · Fri Jun 07 2024 02:57:51 GMT+0800 (China Standard Time)

Hi, which version of Waterfly are you using, and which certificate (server certificate, CA certificate etc) are you pasting?

There was a recent error in self signed certificate handling.

markymark501998 · Answer 2 · Fri Jun 07 2024 04:43:39 GMT+0800 (China Standard Time)

Latest version from Google Play Store and the server certificate. I do also have the CA installed on my phone (Pixel 8 Pro running GrapheneOS).

dreautall · Answer 3 · Thu Jun 13 2024 03:07:42 GMT+0800 (China Standard Time)

Which certificate are you trying to use? Right now you need to use the server certificate (not CA certificate) with BEGIN & END CERTIFICATE.

I'll probably change that in a future update so that the installed CA certificate in Android is enough.

markymark501998 · Answer 4 · Thu Jun 13 2024 03:09:23 GMT+0800 (China Standard Time)

I used the server certificate in the Waterfly interface with BEGIN & END. Still got the Invalid SSL Certificate message.

I only mentioned the CA certificate to provide context.

dreautall · Answer 5 · Thu Jun 13 2024 03:14:44 GMT+0800 (China Standard Time)

Okay thank you, that's really odd - I'll try to push the update to respect the Android installed certificate store soon (see PR #391), hope that fixes this issue.

markymark501998 · Answer 6 · Thu Jun 13 2024 03:32:08 GMT+0800 (China Standard Time)

Are there any restrictions around key length or expiration? Here are the parameters used when I generated the SSL certificate (yes I use 10 year certificates internally lol).

dreautall · Answer 7 · Sat Jun 15 2024 15:49:01 GMT+0800 (China Standard Time)

It just passes it along to the Android library, so there shouldn't be any issue.

I honestly have no idea why your server certificate does not work. But as I'm changing the behavior anyways to respect CA certificates in the Android Certificate Store (#391), it's not worth to investigate much further.

The weather is too good right now here and I'm not that much in front of my computer, but I hope to get the update out with the CA certificate change soon, sorry until then 😞

markymark501998 · Answer 8 · Sat Jun 15 2024 19:40:41 GMT+0800 (China Standard Time)

No worries! Completely understand.