connection on HTTPS

[plegall]

It seems that Remote Sync can't connect on HTTPS or maybe on HTTPS with self-signed certificate, as described on http://fr.piwigo.org/forum/viewtopic.php?pid=216522#p216522

Tell me if you have a Piwigo behind HTTPS for testing (I should be able to provide one)

[ghost]

Can you start the application like mentioned here please : https://github.com/Piwigo/Piwigo-Java#troubleshooting ?

Is the remote gallery version > 2.6? Because, it was never tested with older versions. Maybe a test of the version would be a good thing.

And finally, yes a HTTPS gallery would be useful.

[ghost]

It seems to work with HTTPS. But I must investigate with self signed certificates.

I can add an option to ignore SSL certificate problems, and just log a warning instead of throwing an Exception.

[rorrison]

I've just set up a Let's Encrypt certificate on my test site - https://test.orrison.com/piwigo, and am getting an error: [ERROR] Unable to connect : SSL certificate exception (Please use option 'Trust SSL certificates') [ERROR] Error in sync

This isn't a self-signed certificate, but I tried ticking the "Trust self signed SSL certificates" option anyway, but it didn't help.

(That's perhaps a separate bug: the error message says "Please use option 'Trust SSL certificates'" but the option is actually "Trust self signed SSL certificates".)

I'd be happy to set up a login for you on that test site.

I have been using the remote sync on this site for some time, without any problems until I installed the certificate. I'm on Piwigo 2.7.4, and I think the latest Remote Sync (it doesn't show a version number).

Also perhaps significant: I've turned on rewriting from http: to https: and Strict-Transport-Security.

Java debug log attached: remotesync-log.txt

Final update for this test case: Java (current version 8 Update 73 on Windows) doesn't include the necessary root certificates for Let's Encrypt, so it looks like a Java problem. It is possible to add root certificates to Java.

[rorrison]

Another test case: https://orrison.com/test/piwigo works ok, using a certificate issued by Comodo.

[mhelleboid]

Can you try again the trust ssl certificates option?

[rorrison]

It is now connecting fine on my test site with a Let's Encrypt certificate. Using v0.0.13 and Java version 8 update 101 (update 101 included the root certificate used by Let's Encrypt). It works with and without the "Trust SSL certificates" option.

[mhelleboid]

Can you make the same test with an older java version?

[Valou447]

Hello @rorrison,

Thank you for reporting this to us. As Java 7 is now the minimal requirement for using this tool, this should cause no problems with the SSL certificates.

Have a great day !