diegogarciadev / android_snipeitapp_config

Automatic configuration of Android SnipeIT APP

File /snipeitapp_config.php not found in server (docker) #26

Closed SonGokussj4 closed 2 years ago

SonGokussj4 commented 2 years ago

Hello, trying to make your app work but have some problems.

Describe the bug: When I try to configure the APP, it keeps saying "File /snipeitapp_config.php not found in server, review previous steps".

To Reproduce: I've set up snipeit as docker with docker-compose (seen below) and Traefik as a reverse proxy. It runs well on its own.

I'm copying the file into the container's /var/www/html/public/snipeitapp_config.php <-- Is this correct?

version: "3"

networks:
  traefik:
    external: true

services:

  mysql:
    image: linuxserver/mariadb
    ...
    networks:
      - traefik

  snipeit:
    image: linuxserver/snipe-it:latest
    ...
    volumes:
      - ./app_data:/config
      - ./public:/var/www/html/public  # <- I've added this to input snipeitapp_config.php into
    ...
    labels:
      - "traefik.enable=true"
      - "traefik.port=80"
      - "traefik.docker.network=traefik"
      - "traefik.frontend.entryPoints=http,https"
      - "traefik.backend=snipeit"
    ports:
      - "9999:80"
    networks:
      - traefik

Now the thing is:

Not sure what the problem could be.

Smartphone:

diegogarciadev commented 2 years ago

Can you send me a screenshot when you hit the configure button? Thank you!

SonGokussj4 commented 2 years ago

I've found out part of the problem. It was the public directory mount. From within docker, for some reason, it didn't give me the whole structure. So I fixed that by mounting only the file inside the public folder.

volumes:
      - ./app_data:/config
      - ${PWD}/snipeitapp_config.php:/var/www/html/public/snipeitapp_config.php

Now I can access the site (https) from https://snipeit.<MYSERVER>.cz/snipeitapp_config.php

On my phone though, this raised a warning - missing certificate. So I imported the work CA certificate chain, opened a Chrome tab and it appears to be working. As seen on the screenshot.

But from the app, there is an error I don't understand. Trust anchor for certification path not found. Screenshot here.

diegogarciadev commented 2 years ago

You need to install the CA certificate on your device, then it will work fine.

SonGokussj4 commented 2 years ago

Well... Maybe I wrote it badly, sorry for my English.

I've grabbed my 2 CA certificates, made it into one, copied it to SD card and then installed through

I've shown you a screenshot of when I opened Chrome on my phone and went to https://snipeit.<MYSERVER>.cz/snipeitapp_config.php, where everything works, api_key is shown, and clicking on the lock before the URL shows "Connection is secure"; upon clicking on that, that is the screenshot.

So certificate should be fine.

Now when I paste the same URL to the snipeitapp, it shows me the error. Not sure why the app can't see the certificate?

jdrdigitect commented 2 years ago

I can confirm the same certificate error from my Samsung phone. I have no issues browsing to the https:///snipeitapp_config.php in Firefox or Chrome with either a private CA or a well known 3rd party CA certificate installed, but I too receive the "Trust anchor for certification path not found" error. Is the app using the phone's certificate store, or a private one?

diegogarciadev commented 2 years ago

The problem is that the device doesn't have the full chain of certs. Chrome is using a custom one, that's the reason why the page is seen as valid.

Chrome updates the certificates but the device doesn't.

SonGokussj4 commented 2 years ago

So what is the solution for this? I don't follow.

diegogarciadev commented 2 years ago

Please check the following options:

"That error is usually due to a misconfigured certificate or a misconfiguration with the webserver config files as it relates to certificates… I suggest going to this web page and checking your certificate for issues.

https://www.digicert.com/help/

By the way, here are the most common reasons for that error:
- The CA that issued the server certificate is not known.
- The certificate was self signed rather than signed by a CA.
- The web server config does not have an intermediate CA."

SonGokussj4 commented 2 years ago

I can't check for Server Address: (Ex. www.digicert.com) on the site, because our server is only on our local network. It's not accessible through the internet.

Only local computers and a few of our mobile phones (with permitted MAC addresses) are able to visit our local installation of snipeit.

The CA that issued the server certificate is not known.

I think it is. Chrome and other browsers, devices, they don't have a problem with it.

The certificate was self signed rather than signed by a CA

It was issued by our company CA (not an online one).

The web server config does not have an intermediate CA"

Not sure what that means

diegogarciadev commented 2 years ago

Can you run this command on a computer that can reach the snipe-it installation?

Replace www.thedomaintocheck.com:443 with your URL

openssl s_client -debug -connect www.thedomaintocheck.com:443

SonGokussj4 commented 2 years ago

I've hidden (... HIDDEN) locations, our names, and so on.

openssl s_client -debug -connect MY_HOST:443

CONNECTED(00000003)
write to 0x7a73c0 [0x7b7930] (289 bytes => 289 (0x121))
0000 - 16 03 01 01 1c 01 00 01-18 03 03 40 e1 79 a7 b4   ...........@.y..
0010 - c0 c6 28 5d 10 bc 4b 0f-2d 74 4c 0d c2 6b af f0   ..(]..K.-tL..k..
...
...
06f0 - 96 fc f4 a1 42 67 85 78-                          ....Bg.x
depth=2 C = CZ, L = ... HIDDEN
verify return:1
depth=1 C = CZ, L = ... HIDDEN
verify return:1
depth=0 C = CZ, ST = ... HIDDEN, CN = MY_HOST, emailAddress = postmaster@ .. HIDDEN
verify return:1
read from 0x7a73c0 [0x7bce93] (5 bytes => 5 (0x5))
0000 - 16 03 03 01 4d                                    ....M
read from 0x7a73c0 [0x7bce98] (333 bytes => 333 (0x14D))
0000 - 0c 00 01 49 03 00 17 41-04 4e 7a fa dc 7b b5 1a   ...I...A.Nz..{..
0010 - 1e f8 53 0c 58 fa d1 c1-7f e3 39 5c 5b 5f e6 15   ..S.X.....9\[_..
...
...
0020 - 48 0f aa a8 f6 e7 ae e7-                          H.......
---
Certificate chain
 0 s:/C=CZ/ST=.....HIDDEN
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG6jCCBdKgAwIBAgITWAAAApVZa3pjDB5dLwAAAAAClTANBgkqhkiG9w0BAQsF
...
...
-----END CERTIFICATE-----
subject=/C=CZ/ST=.....HIDDEN
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2380 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: A2E4289E ...HIDDEN
    Session-ID-ctx: 
    Master-Key: 3D2C ....HIDDEN
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    0000 - 2c 8f 76 aa 7d f7 96 ad-dc bf 80 cf 3f 0e fc 68   ,.v.}.......?..h
    0010 - a6 25 4e 3e 76 47 6d 72-93 6b 5b 24 a9 b0 57 80   .%N>vGmr.k[$..W.
    .... HIDDEN

    Start Time: 1645544672
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

diegogarciadev commented 2 years ago

A new update is in progress, you will be able to skip SSL validation. It should work now.

Remember that you can help me keep developing this app by contributing a cup of coffee: https://paypal.me/diegogarciadev

jdrdigitect commented 2 years ago

I'll update my experience for those who come across this thread.

Unlike @SonGokussj4 I was using a 3rd-party certificate from GoDaddy and received the same error. The issue was that the Android OS includes the GoDaddy Root certificate in its certificate store, but not the two intermediate certificates that lead to the root (or maybe the two recent intermediate certificates). You are able to bypass the error if you install the GoDaddy Intermediate certificates as a trusted CA certificate on the Android device. Logistically, this solution has its drawbacks and potential security risks. Potentially this issue could be resolved after an OS update. The option to skip SSL validation may be a reasonable one for some users.
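
The "web server config does not have an intermediate CA" cause quoted earlier in the thread, and the missing intermediates described in this comment, can be checked from the server side. Added example (not from the thread or from the app's code): it reads `openssl s_client -showcerts` output and reports which certificates the server actually sent; both inputs are constructed samples with made-up names.

```shell
#!/usr/bin/env bash
# Added example. Live capture, from a host that can reach the server:
#   openssl s_client -connect HOST:443 -showcerts </dev/null 2>/dev/null | chain_report

# chain_report: read s_client output on stdin and print one verdict word.
chain_report() {
  awk '
    $0 == "Certificate chain"  { in_chain = 1; next }
    in_chain && $0 == "---"    { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss[n - 1] = $0 }
    END {
      if (n == 0) { print "no-chain"; exit }
      # Each certificate must be issued by the next one the server sent.
      for (k = 0; k + 1 < n; k++)
        if (iss[k] != subj[k + 1]) { print "broken-order"; exit }
      root = (iss[n - 1] == subj[n - 1])
      if (n == 1) { print (root ? "self-signed" : "leaf-only") }
      else        { print (root ? "chain-with-root" : "leaf+intermediates") }
    }'
}

# Constructed sample: the server sends only its own certificate.
sample_leaf_only() {
cat <<'EOF'
---
Certificate chain
 0 s:/C=CZ/O=Example Corp/CN=snipeit.example.internal
   i:/C=CZ/O=Example Corp/CN=Example Issuing CA
---
EOF
}

# Constructed sample: the server also sends the intermediate that signed the leaf.
sample_with_intermediate() {
cat <<'EOF'
---
Certificate chain
 0 s:/C=CZ/O=Example Corp/CN=snipeit.example.internal
   i:/C=CZ/O=Example Corp/CN=Example Issuing CA
 1 s:/C=CZ/O=Example Corp/CN=Example Issuing CA
   i:/C=CZ/O=Example Corp/CN=Example Root CA
---
EOF
}

sample_leaf_only | chain_report          # leaf-only
sample_with_intermediate | chain_report  # leaf+intermediates
```

A `leaf-only` result means every client must already hold the issuing intermediate; when the server sends it (`leaf+intermediates`), a client needs only the root in its trust store.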

diegogarciadev commented 2 years ago

Thank you for your comment, it would help some users to solve the issue. Regards!