New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problems refreshing GUI on mobile (SSL?) #282

Closed
koffienl opened this Issue Oct 6, 2014 · 14 comments

Comments

Projects
None yet
4 participants
@koffienl
Copy link

koffienl commented Oct 6, 2014

Both @incmve and I are having the same problem.
We run pimatic on HTTPS with valid SSL certificate. Every now and then the mobile browser loose connection to the webserver.
On the bottom you see a toast message switching between " Reconnecting ..." and "Could not connect (xhr poll error, retrying ...".

Doing a refresh does not work. Closing the tab does not work. Closing the broswer / rebooting the cell phone does not work.
Only option found so far: deleting the content settings from the browser for that specific URL. After a couple of days, the issue comes back.

We are using the most recent version of Chrome on Android 4.4.3 (but 2 different brand of phones)

@sweetpi

This comment has been minimized.

Copy link
Contributor

sweetpi commented Oct 6, 2014

Did you import the root certificate used for signing to your android devices? (https is display in green in chromes url bar)

@Yves911

This comment has been minimized.

Copy link
Contributor

Yves911 commented Oct 6, 2014

I don't have this trouble on my android device (firefox, android 4.4.4, no import of the root certiticate) but i have this problem on my iphone 3GS device (i need to clear cache to make it working again, few days (weeks) ago it was working after pushing the toast "Reconnecting" message ).

@koffienl

This comment has been minimized.

Copy link

koffienl commented Oct 6, 2014

Did you import the root certificate used for signing to your android devices? (https is display in green in chromes url bar)

It is a valid certificate, but on mobile it gives a error about not knowing/trusting the CA probably Android/Chrome uses other sources of trusted CA than Windows/Chrome.

@sweetpi

This comment has been minimized.

Copy link
Contributor

sweetpi commented Oct 6, 2014

I think the problem is the following:
If you are using a self signed certificate and did not import the root certificate, you get a "warning page" the first time you are opening the page. You accept the warning and all is fine, the page get cached (using html5 application manifest).
Some time later you revisit the page and browser did forget that you accepted the warning. Browser does not load any request, but it displays you the cached page instead of the warning (because it is the fallback if a connection could not be established). So you can never accept the warning again without clearing the cache.

Unfortunately this can not be detected by pimatic, because the mobile frontend can just detect, that the request failed, but can not get the reason.

Because you should import the certificate anyway (for security reason, because else you can not decide if you accepting your cert or someone else signed it) the only real solution is to import your own root certificate into the android / iOS certificate sources.

Solution in short: open http://your-subdomain/root-ca-cert.crt to import it
(you must have the config setting set and should use the script for generation provided by pimatic, or a similar)

Android/Chrome uses other sources of trusted CA than Windows/Chrome.

It used the CA's from android.

@sweetpi

This comment has been minimized.

Copy link
Contributor

sweetpi commented Oct 6, 2014

The (imported) certificate from my linked script works well here on android and desktop. Would be create if someone could confirm it. I would like to put the info into the Q&A or the guide.

@Yves911

This comment has been minimized.

Copy link
Contributor

Yves911 commented Oct 6, 2014

@sweetpi : it seems that importing the certificate solved the problem on iOS (give me few more days to be sure but until now it has solved the problem)

@koffienl

This comment has been minimized.

Copy link

koffienl commented Oct 6, 2014

I'm not sure how I should import the cert?
You mean I should get the CA-root certificate and put it in "ca/certs/cacert.crt" ?

@sweetpi

This comment has been minimized.

Copy link
Contributor

sweetpi commented Oct 6, 2014

You should send the ca-root cert to your android device and open it there to import it. You can store it in "ca/certs/cacert.crt" on your pi, then you can access it via: http://your-subdomain/root-ca-cert.crt and don't need to send it by mail or so...

@koffienl

This comment has been minimized.

Copy link

koffienl commented Oct 6, 2014

It works, but the sideaffect is the my OS (android) requires me to use some sort of unlock code on my device. I don't want that :) So the only option for me is to switch back to non-SSL

@sweetpi

This comment has been minimized.

Copy link
Contributor

sweetpi commented Oct 7, 2014

What I'm doing is that I use Llama to turn the pin code off, if I'm at home. The certificate still keeps valid, if the pin code gets turned of by Llama :D.

@Yves911

This comment has been minimized.

Copy link
Contributor

Yves911 commented Oct 8, 2014

@sweetpi : it seems that importing the certificate solved the problem on iOS (give me few more days to be sure but until now it has solved the problem)

Imported certificate solved trouble on IOS (and works fine on Android + Chrome too)

@sweetpi sweetpi added the Q&A label Oct 8, 2014

@sweetpi

This comment has been minimized.

Copy link
Contributor

sweetpi commented Oct 8, 2014

Cleaned up the issue, added it to the Q&A and added a guide section: http://pimatic.org/guide/getting-started/remote-ssl/

@sweetpi sweetpi closed this Oct 8, 2014

@n3roGit

This comment has been minimized.

Copy link

n3roGit commented Nov 14, 2014

I have found a solution for android users. You can move you self signet cert to the system store with this app:
https://play.google.com/store/apps/details?id=com.nutomic.zertman

@koffienl

This comment has been minimized.

Copy link

koffienl commented Nov 15, 2014

thanks, but unfortunately:

** REQUIRES ROOT **

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment