Cannot open page with ssl certificate, signed by my own certificate authority | Hyperionics Support Forum

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes

Reply to post

Mark Thread UnreadFlat Reading Mode ❐

Cannot open page with ssl certificate, signed by my own certificate authority

Author Post Essentials Only Full Version
mihanentalpo User Total Posts : 0 Reward points: 0 Joined: 2022/02/12 06:21:25 Status: offline 2022/02/12 10:06:49 (permalink) Cannot open page with ssl certificate, signed by my own certificate authority Hello! I'm almost happy user of Voice aloud reader with payed license. Everything is fine except one major problem: I'm using my own SSL certificate authority to create self-signed SSL certificate for my website with some books. I've added the SSL CA certificate to my Android device, so, all the browsers trust it and certificates signed by it, and can open links from that site. But not the Voice aloud reader. When I try to open link from my site with certificate signed by my authority, I get error message: Error loading page <site url goes here> Exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Please, could you add functionality so that voice aloud reader could load links with SSL certificates, signed by certificate authority, which is added to android certificates store? I can help you with reproduction of this error on you environment (I'll not gonna send my SSL CA cert and ask you to install it, as it would be a security risk for you) Quote #1 6 Replies Related Threads
Admin Administrator Total Posts : 275 Reward points: 0 Joined: 2010/11/22 00:00:00 Location: USA Status: offline Re: Cannot open page with ssl certificate, signed by my own certificate authority 2022/02/12 10:38:18 (permalink) @Voice can still open "unsecure" http links, in addition to https - will your site permit this? Another possibility - when you get this message, try pressing the "Reload or clear" button on top (circular arrows icon), then press "Load from browser...". See what happens there - can you press some buttons to enable loading a page with an "untrusted" certificate, like you would do in a regular browser? If it does let you do this and the desired page finally loads, press the loudspeaker icon near bottom-right to load the text into @Voice reader screen. I could test this myself, but you would need to send me a link to at least one such page. If the pages are confidential, create a dummy page with whatever text for testing, and send me a link by email. No need to post it publicly in the Forum. Greg Quote #2
Admin Administrator Total Posts : 275 Reward points: 0 Joined: 2010/11/22 00:00:00 Location: USA Status: offline Re: Cannot open page with ssl certificate, signed by my own certificate authority 2022/02/12 10:44:24 (permalink) OK, I found a sample to test: https://self-signed.badssl.com. My advice to use "Load from browser..." does not work, and at this time I don't know how to allow the Android WebView control to open pages with untrusted certificates. Will investigate. Try http link, or consider using free Certify the Web certificates on your web site, they work normally and without any problems. You just need to renew the certificate every 3 months, but most web servers can be configured to do this automatically. Greg Quote #3
mihanentalpo User Total Posts : 0 Reward points: 0 Joined: 2022/02/12 06:21:25 Status: offline Re: Cannot open page with ssl certificate, signed by my own certificate authority 2022/02/12 13:21:15 (permalink) Thanks for an answer! Your experiment with https://self-signed.badssl.com is not quite correctly represents my situation. Let me explain all the conditions: 1) I created my own Certificate Authority (CA) with help of the tool mkcert (https://github.com/FiloSottile/mkcert) CA has it's own certificate files (private and public keys) 2) When I created certificate for my domain, signed it by my CA certificate 3) Of course, if at this time I try to open my domain in browser, it would complain about "Bad SSL Cert" 4) I add my CA certificate to my Android system 5) And now all the browsers trust my certificate. Now, to reproduce this situation: 1) I created NEW my own CA certificates. 2) I've generated certificate for domain https://self-signed.mihanentalpo.me/ 3) If you open it in any browser you'll get error NET::ERR_CERT_AUTHORITY_INVALID 4) But if you install my CA certificate into your system, there will be no problem with this site. Here is the CA certificate (sorry for lots of text) -----BEGIN CERTIFICATE----- MIIExTCCAy2gAwIBAgIQbzkfP+GbPPlDnYEnGyBrFzANBgkqhkiG9w0BAQsFADB7 MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExKDAmBgNVBAsMH21paGFu ZW50YWxwb0BtaWhhbmVudGFscG9TZWNvbmQxLzAtBgNVBAMMJm1rY2VydCBtaWhh bmVudGFscG9AbWloYW5lbnRhbHBvU2Vjb25kMB4XDTIyMDIxMjE3NTUyMFoXDTMy MDIxMjE3NTUyMFowezEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSgw JgYDVQQLDB9taWhhbmVudGFscG9AbWloYW5lbnRhbHBvU2Vjb25kMS8wLQYDVQQD DCZta2NlcnQgbWloYW5lbnRhbHBvQG1paGFuZW50YWxwb1NlY29uZDCCAaIwDQYJ KoZIhvcNAQEBBQADggGPADCCAYoCggGBAN5xpwjl98MPFj4CktRvdDIKSJ+A9ScF AtSO7rve8Qz3LUA43yrUi01feST2WSnq1kcvkvRPAetydCPy7cAFx5E7DMCuY69P 7X+oYoB2u8sY1pl85tJSWy5J7voHc8q3HDm3kvlXobypnEAit6laPJI1q7xjpUXA 70rG5NqOowGgdaZCJTq0VUv6ZmXtOzwpW4GCeXMwEnvj3OGo1gkrIVqPWwSOYaqi TDgBPgcJDyH3DdvyN4P/nOV20tygcF/5bux03JekLLjX6QVfEuYbSbLOlh+LD33S nqfodmXWz3Ri8MEGfA74lV1yNcgRsVkG2+GEp8bEFKHGslotCxU9WQKuv8WuP9t9 e9ItDCa9NGO+5ZIAuStkhIf+w6WRjUPwd40NBBUsZxpbk7k+5TEqKkhoO6wUN7+5 rr8ex2xa/ulxJWWk8QtEDlR/B4Bsok8BbmWO9RaMPG+XZbD0XEVWzFxw4LQ136P+ zz1MbzMLJRa75pjYJED4d3jtdtOS74rjRQIDAQABo0UwQzAOBgNVHQ8BAf8EBAMC AgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU+eUdio+i/GqKyMJN/JnC dw62tTowDQYJKoZIhvcNAQELBQADggGBAIREnQshvFmunnzlmtZv9Bp8z6Nb9dU/ 0wrD55GUZVBqUHK5zoq9C0BXljTJr04ZvWFZ6ebGouh4R7SbyoRJS6w1AEDcnb26 rSoXJ7SEV4Njfo5XH+iDWrS5IIYW+cy0QMS2rTNz14lkZhT5afsSHqvGBRi+NSjA ObnYhqGi7zeonUWM4zFHpUBzfHZoHTTEkUd8SJMxlrle4l+eBd9UWzUypNDaZlBz 2H2YTbN844rL2lvqsdclfMwaixuCRlvvE7UuASrPPPVse9sedta5LHPNeUWOTS/u yQ4qJsPdecfeVpfovePbsPlJyk+iiHKSVETAQFq8HOR845msm62f6UZ+dzuwgSYI 4SgIdn+QvXnmCYPR+zqxD/e/QYIyv3Pdadx4Hlcc9xMwbZS9M30A+lik5w4q6P6n k/CKc80D5kmAYMmVCm0BF6pZw7fBfniIg8mkrTUa/4knF/TNbOi9OzCxZLU41NRg VZ8k3eYI21/7gRKIvRsP5eELmnNtmXEUHQ== -----END CERTIFICATE----- 5) It must be saved in some file with "pem" extension (for example), and uploaded to Android device And then it should be added into your system as truster root certificate. 6) If you have Android 11 and newer installation is should be made as follows: In Android 11, to install a CA certificate, users need to manually: Open settings Go to 'Security' Go to 'Encryption & Credentials' Go to 'Install from storage' Select 'CA Certificate' from the list of types available Accept a large scary warning Browse to the certificate file on the device and open it Confirm the certificate install (Instructions taken for here: https://httptoolkit.tech/blog/android-11-trust-ca-certificates/#whats-changed) In other versions installation could be different. 7) After CA certificate is added to your trust store the site https://self-signed.mihanentalpo.me/ should open normally from any android browser. But not from Voice Aloud Reader. Now, then I written all this Im starting to think that if even reproduction is so hard, why should you bother on the problem that somebody creates for itself... Quote #4
Admin Administrator Total Posts : 275 Reward points: 0 Joined: 2010/11/22 00:00:00 Location: USA Status: offline Re: Cannot open page with ssl certificate, signed by my own certificate authority 2022/02/12 14:56:17 (permalink) Thank you for providing the test certificate and web site! I found out that all that I need to do to accept user installed certificates is to add one line of text in the app's network_security_config.xml. Not sure if Google will permit the app in Google Play that way, we'll see what happens when they review the app. For now you may download version 25.4.7 of @Voice from this web site (https://hyperionics.com/atVoice), and it should work as you expect. Greg Quote #5
mihanentalpo User Total Posts : 0 Reward points: 0 Joined: 2022/02/12 06:21:25 Status: offline Re: Cannot open page with ssl certificate, signed by my own certificate authority 2022/02/13 00:10:38 (permalink) I've tried your new version and it works as expected, my website with self-created certificate successfully loads into Voice aloud reader, and everything is fine now. Thank you for quick reaction, honestly I thought that my problem could not be solved this fast. Thanks for the great application! Quote #6
Admin Administrator Total Posts : 275 Reward points: 0 Joined: 2010/11/22 00:00:00 Location: USA Status: offline Re: Cannot open page with ssl certificate, signed by my own certificate authority 2022/02/13 07:42:35 (permalink) Great, thank you for letting me know. Happy reading and listening! Greg Quote #7

Jump to:

© 2024 APG vNext Commercial Version 5.1