owntracks / booklet

The definitive OwnTracks documentation
http://owntracks.org/booklet/

IOS app with TLS #28

Closed nilathj closed 7 years ago

nilathj commented 7 years ago

Hi, I'm trying to get the owntracks ios app working with TLS, using letsencrypt certificates on my own domain. I have successfully got the android app working with TLS using the generated .p12 key file, connecting to my private mosquitto mqtt server.

Steps:

1) `openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -name "mymosquittocert" -out mymosquittocert.p12`
2) renamed .p12 to .otrp
3) Uploaded DST Root CA X3 cert to iPad (Verified check)
4) Uploaded ISRG Root X1 cert to iPad (Verified check)
5) Uploaded Lets Encrypt Authority X3 cert to iPad (Verified check)
6) Uploaded mymqttdomain.duckdns.org cert to iPad (Verified check)
7) Uploaded mymosquittocert.otrp cert to iPad and opened with owntracks.
8) setup private mode, with host as mymqttdomain.duckdns.org, no websockets, TLS, and selected client cert as mymosquittocert.otrp with my passphrase.
9) iPad General->about->certificate trust settings-> Enabled Full trust for ISRG Root X1 and DST Root CA X3. (don't see any others to enable full trust)
10) NO Custom Security Policy selected. (doesn't make any difference when I select one and select allow untrusted certificates, same error)
11) owntracks is trying to connect to: `mqtts://mymqttdomain.duckdns.org:8443 c0 k69 userCJ`

Gets error: OSStatus error -9831.

Looking up this error, it means: errSSLPeerUnknownCA - An unknown certificate authority was encountered. I'm not sure what is unknown about the CA as I've uploaded verified root certs from letsencrypt. What am I missing?

The error on mosquitto mqtt is:

```
1503144469: OpenSSL Error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
1503144469: Socket error on client , disconnecting.
```

jpmens commented 7 years ago

Using LE certificates you shouldn't have to do much at all, I think, in particular I don't think you need to import their roots as they're trusted anyway. Try and undo all the changes and see whether iOS OwnTracks will connect to your broker.

The Mosquitto error you show indicates you've configured client certificates on it; which is not possible to do, because Let's Encrypt doesn't offer those.

I am closing this because it's quite the inappropriate issue tracker. If you continue to have problems, please open a new issue on our iOS issue tracker.
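An added check, not part of this thread or of the OwnTracks or Mosquitto projects: a shell function that reads a Mosquitto configuration on stdin and reports, per listener, whether clients must present a certificate and which `cafile` would have to have issued it. The `no certificate returned` log line above comes from a listener with `require_certificate true`, and the function flags the case where that listener's `cafile` is the broker's own server chain rather than a CA that issues client certificates (file paths in the test are constructed).

```shell
#!/bin/sh
# Audit the listeners of a Mosquitto config for a client-certificate mismatch.
# Reads mosquitto.conf on stdin, prints one line per listener, and returns 1
# when a listener requires client certificates but names no usable client CA.
audit_mosquitto_tls() {
  awk '
    BEGIN { bad = 0 }
    function flush() {
      if (port == "") return
      if (tls == "yes") {
        msg = "listener " port ": TLS"
        if (reqcert == "true") {
          msg = msg ", clients MUST present a certificate"
          if (cafile == "") {
            msg = msg "; no cafile names the issuing CA"; bad = 1
          } else if (cafile == certfile) {
            msg = msg "; cafile is the server chain, not a client CA"; bad = 1
          } else {
            msg = msg " signed by " cafile
          }
        } else {
          msg = msg ", no client certificate required"
        }
      } else {
        msg = "listener " port ": plaintext"
      }
      print msg
    }
    # "port" and "listener" each start a new listener block; reset its state.
    $1 == "port" || $1 == "listener" {
      flush(); port = $2; tls = "no"; reqcert = "false"; cafile = ""; certfile = ""
    }
    $1 == "certfile"            { tls = "yes"; certfile = $2 }
    $1 == "keyfile"             { tls = "yes" }
    $1 == "cafile"              { cafile = $2 }
    $1 == "require_certificate" { reqcert = $2 }
    END { flush(); exit bad }
  '
}
```

Run it as `audit_mosquitto_tls < /etc/mosquitto/mosquitto.conf`; a non-zero exit means a listener demands client certificates that no configured CA could have issued.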