IOS app with TLS #28

Closed
nilathj opened this issue Aug 19, 2017 · 1 comment

Comments

nilathj commented Aug 19, 2017

Hi,
I'm trying to get the owntracks ios app working with TLS, using letsencrypt certificates on my own domain. I have successfully got the android app working with TLS using the generated .p12 key file, connecting to my private mosquitto mqtt server.

Steps:

  1. openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -name "mymosquittocert" -out mymosquittocert.p12
  2. Renamed .p12 to .otrp
  3. Uploaded DST Root CA X3 cert to ipad (Verified check)
  4. Uploaded ISRG Root X1 cert to ipad (Verified check)
  5. Uploaded Lets Encrypt Authority X3 cert to ipad (Verified check)
  6. Uploaded mymqttdomain.duckdns.org cert to ipad (Verified check)
  7. Uploaded mymosquittocert.otrp cert to ipad and opened with owntracks.
  8. setup private mode, with host as mymqttdomain.duckdns.org, no websockets, TLS, And selected client cert as mymosquittocert.otrp with my passphrase.
  9. IPAD General->about->certificate trust settings-> Enabled Full trust for ISRG Root X1 and DST Root CA X3. (don't see any others to enable full trust)
  10. NO Custom Security Policy selected. (doesn't make any difference when I select one and select allow untrusted certificates, same error)
  11. owntracks is trying to connect to: mqtts://mymqttdomain.duckdns.org:8443 c0 k69 userCJ
    Gets error: OSStatus error -9831.

Looking up what this error means: errSSLPeerUnknownCA - An unknown certificate authority was encountered.
I'm not sure what is unknown about the CA as I've uploaded verified root certs from letsencrypt. What am I missing?

The error on mosquitto mqtt is:
```
1503144469: OpenSSL Error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
1503144469: Socket error on client , disconnecting.
```

Member

jpmens commented Aug 19, 2017

Using LE certificates you shouldn't have to do much at all, I think, in particular I don't think you need to import their roots as they're trusted anyway. Try and undo all the changes and see whether iOS OwnTracks will connect to your broker.

The Mosquitto error you show indicates you've configured client certificates on it; which is not possible to do, because Lets Encrypt doesn't offer those.

I am closing this because it's quite the inappropriate issue tracker. If you continue to have problems, please open a new issue on our iOS issue tracker.

jpmens closed this as completed Aug 19, 2017
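
The broker log lines quoted in this thread can be triaged mechanically. The following is an added example, not part of the original thread or of the OwnTracks or Mosquitto code: it parses Mosquitto log lines, unpacks the OpenSSL error code into its library, function and reason fields, and flags the "client certificate required but not sent" case. The names `triage` and `unpack_error` are hypothetical, and the field layout assumed is the one used by OpenSSL 1.0.x/1.1.x (8-bit library, 12-bit function, 12-bit reason).

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two broker log lines quoted in the issue above.
SAMPLE_LOG = (
    "1503144469: OpenSSL Error: error:140890B2:SSL routines:"
    "SSL3_GET_CLIENT_CERTIFICATE:no certificate returned\n"
    "1503144469: Socket error on client , disconnecting.\n"
)

LINE_RE = re.compile(r"^(\d+): (.*)$")
OSSL_RE = re.compile(r"OpenSSL Error: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def unpack_error(code_hex):
    """Split a packed OpenSSL 1.0.x/1.1.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Return one finding per OpenSSL error line in a Mosquitto log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        e = OSSL_RE.search(m.group(2)) if m else None
        if not e:
            continue  # not an OpenSSL error line (e.g. the socket error line)
        lib, func, reason = unpack_error(e.group(1))
        hint = None
        # The server-side step that reads the client's Certificate message
        # failed because that message carried no certificate.
        if e.group(3) == "SSL3_GET_CLIENT_CERTIFICATE" and "no certificate" in e.group(4):
            hint = "broker demands a client certificate; client presented none"
        when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        findings.append({
            "time": when.isoformat(),
            "lib": lib,        # 20 is OpenSSL's SSL library
            "func": func,
            "reason": reason,
            "text": e.group(4),
            "hint": hint,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

On the Mosquitto side this finding corresponds to a listener with `require_certificate true`, which makes the broker abort the handshake when no client certificate arrives.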