Rocket.Chat.iOS icon indicating copy to clipboard operation
Rocket.Chat.iOS copied to clipboard

Published 20 hours ago verified publisher icon RocketChat

[QUESTION] IOS Rocket.chat 3.1.1 cannot connect to local server

Open nuvitu opened this issue 6 years ago • 21 comments 

OS: Ubuntu 18       
Your Rocket.Chat app version: 3.1.1
Your Rocket.Chat server version: 0.71.1
Device (or Simulator) you're running with: iPhone 7 plus (iOS 12.1)

When trying to connect to our local server i just get a alert "could not establish the secure connection to the server ios local server"

I used these steps to install server:

  1. Install server https://www.linode.com/docs/applications/messaging/installing-rocketchat-ubuntu-16-04/
  2. Create self-cerf https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
  3. Config proxy https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/

After that, I can create a self-certificate (for the internal network only). Https is running well on browser now. But, still 2 problem

  1. When I put .cer file to ios, it is shown that Not verified (Unverified profile - The authenticity of "xxx" cannot be verified.) => So I can install it, but after installed, it is still not verified.
  2. After install certificate, I go to rocket.chat App, and try to connect to my server (Connect to a server => https://myinternaldomain.com => could not establish the secure connection to the server ios local server....)

Anyone face to this problem? Please give me an advice.

Xem các bản ghi [34mI20181118-23:18:24.878(-8) Updating process.env.MAIL_URL [34mI20181118-23:18:24.917(-8) Starting Email Intercepter... [34mI20181118-23:18:29.744(-8) LocalStore: store created at
[34mI20181118-23:18:29.745(-8) LocalStore: store created at
[34mI20181118-23:18:29.745(-8) LocalStore: store created at
[34mI20181118-23:18:32.879(-8) Setting default file store to GridFS [34mI20181118-23:18:32.882(-8) LocalStore: store created at
[34mI20181118-23:18:32.883(-8) LocalStore: store created at
[34mI20181118-23:18:32.883(-8) LocalStore: store created at
[34mI20181118-23:18:41.756(-8) (rocketchat_migrations.js:159) Migrations: Not migrating, already at version 135 [34mI20181118-23:18:42.370(-8) Updating process.env.MAIL_URL [34mI20181118-23:18:42.372(-8) [32mUsing GridFS for custom sounds storage [34mI20181118-23:18:42.381(-8) [32mUsing GridFS for custom emoji storage [34mI20181118-23:18:42.384(-8) ufs: temp directory created at "/tmp/ufs" [34mI20181118-23:18:42.920(-8) Loaded the Apps Framework and loaded a total of 0 Apps! [34mI20181118-23:18:44.709(-8) [32m➔ [32mSystem ➔ startup [34mI20181118-23:18:44.709(-8) [32m➔ [32m+--------------------------------------------------+ [34mI20181118-23:18:44.709(-8) [32m➔ [32m| SERVER RUNNING | [34mI20181118-23:18:44.709(-8) [32m➔ [32m+--------------------------------------------------+ [34mI20181118-23:18:44.710(-8) [32m➔ [32m| | [34mI20181118-23:18:44.710(-8) [32m➔ [32m| Rocket.Chat Version: 0.71.1 | [34mI20181118-23:18:44.710(-8) [32m➔ [32m| NodeJS Version: 8.11.3 - x64 | [34mI20181118-23:18:44.710(-8) [32m➔ [32m| Platform: linux | [34mI20181118-23:18:44.710(-8) [32m➔ [32m| Process Port: 3000 | [34mI20181118-23:18:44.711(-8) [32m➔ [32m| Site URL: https://abc.vlocal.vn | [34mI20181118-23:18:44.711(-8) [32m➔ [32m| ReplicaSet OpLog: Enabled | [34mI20181118-23:18:44.711(-8) [32m➔ [32m| Commit Hash: e73dc78ffd | [34mI20181118-23:18:44.711(-8) [32m➔ [32m| Commit Branch: HEAD | [34mI20181118-23:18:44.711(-8) [32m➔ [32m| | [34mI20181118-23:18:44.711(-8) [32m➔ [32m+--------------------------------------------------+

nuvitu avatar Nov 21 '18 04:11 nuvitu

@nuvitu Hey, did you take a look in our docs about self-signed certificates on iOS and Android? https://rocket.chat/docs/developer-guides/mobile-apps/supporting-ssl/#supporting-ssl-for-development-on-rocketchat

rafaelks avatar Nov 21 '18 11:11 rafaelks

@rafaelks Your link adapted from Self Signed Certificate with Custom Root CA, same my link on step 2 :)

nuvitu avatar Nov 22 '18 01:11 nuvitu

@nuvitu Hey! I’m curious, did you enable trust for the self signed cert?

Settings > General > About > Certificate Trust Settings

Sameesunkaria avatar Nov 22 '18 08:11 Sameesunkaria

@nuvitu Hey! I’m curious, did you enable trust for the self signed cert?

Settings > General > About > Certificate Trust Settings

@Sameesunkaria Surely, yes, it is:

Allow Invalid Self-Signed Certs = TRUE (Allow invalid and self-signed SSL certificate's for link validation and previews.)

nuvitu avatar Nov 22 '18 09:11 nuvitu

@nuvitu This is not what Samar is talking about... you need to install the certificate on your iPhone, and then on your iPhone you need to go to Settings > General > About > Certificate Trust Settings.

rafaelks avatar Nov 22 '18 11:11 rafaelks

@rafaelks @nuvitu And how to do that?

xereda avatar Nov 22 '18 11:11 xereda

@xereda @nuvitu After you've installed your self-signed certificate on the iOS device (you can open it directly from your iOS device and install it) you go to:

Settings > General > About > Certificate Trust Settings

Then you'll see something like this (with your certificate):

img_7696

Then you just enable it to trust. Close Rocket.Chat and open again and it will work.

rafaelks avatar Nov 22 '18 11:11 rafaelks

@rafaelks There is nothing in my ios.

xereda avatar Nov 22 '18 12:11 xereda

@rafaelks me too! There is nothing in certificate trust setting (ios 12.1)

nuvitu avatar Nov 22 '18 12:11 nuvitu

arquivo 22-11-2018 10 07 28

xereda avatar Nov 22 '18 12:11 xereda

@nuvitu @xereda make sure that you are installing the root certificate to your device.

Sent with GitHawk

Sameesunkaria avatar Nov 22 '18 12:11 Sameesunkaria

As i wrote, cer was installed!

nuvitu avatar Nov 22 '18 12:11 nuvitu

@nuvitu @xereda make sure that you are installing the root certificate to your device.

Sent with GitHawk

How to do this?

xereda avatar Nov 22 '18 12:11 xereda

https://rocket.chat/docs/developer-guides/mobile-apps/supporting-ssl/#create-and-self-sign-the-root-certificate

Install the .crt file created here to your iPhone

@xereda

Sent with GitHawk

Sameesunkaria avatar Nov 22 '18 12:11 Sameesunkaria

Yes i installed the crt file ( send via email and open, and install)

nuvitu avatar Nov 23 '18 01:11 nuvitu

@Sameesunkaria I installed but it is in Configuration profiles ( sorry I must hide the name of CER ) 3

When clicking in it, it is shown that not verified 2

There is nothing in Certificate Trust Settings 1 1

nuvitu avatar Nov 23 '18 01:11 nuvitu

Hello All, Thank you all for your help. I understand the problem!

This is the way we create Root Certificate

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt After that, we must put rootCA.crt into IOS.

I'm wrong when put certificate which was generated using my domain.

But now, after CER was verified, I still got the alert "could not establish the secure connection to the server ios local server"

1

nuvitu avatar Nov 23 '18 07:11 nuvitu

@Sameesunkaria @rafaelks Do you have any ideal?

nuvitu avatar Nov 26 '18 02:11 nuvitu

Today I am still dealing with the same issue. Even after creating and installing the certificate. Any idea?

asafeca avatar Mar 25 '19 15:03 asafeca

@YoungLinkar @nuvitu You need to trust the root certificate on your iOS device.

rafaelks avatar Mar 26 '19 17:03 rafaelks

@YoungLinkar Do your certs in your server's cert file include all the certificates that are needed and are in proper order? e.g.

-----BEGIN CERTIFICATE-----
your domain cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
your intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
your root cert
-----END CERTIFICATE-----

balleddog avatar Nov 19 '19 10:11 balleddog