iOS 11 Invalid Certificate (Self Signed). LAN Server

Maclaren · March 9, 2018, 3:25am

Hi,

I have Seafile 6.2.3 running on a small arm device running Ubuntu 16.04. Everything works, android/Mac OS X client/Windows drive client.

How ever I cannot get the iOS client to work. I have tried deleting the app and restarting the phone but the its the same error over and over again.

iOS keeps saying “The certificate for this server is invalid”

Note: I did enable the allow invalid certificates option in the settings before trying this. This is a self signed certificate and the server is hosted on LAN.

iOS: 11.2.6

Thanks

bionade24 · March 9, 2018, 9:24pm

So hosted on LAN means you’re not using a reverse proxy? But then you can’t use a cert? Is your Host in your network but not in the internet? Please tell a bit more.

My advice to use Let’s Encrypt with certbot, it’ll be made in 15 minutes.

DerDanilo · March 10, 2018, 8:58am

The ios client should accept self signed certs. @daniel.pan bug or one of those wonderful apple features?

bionade24 · March 10, 2018, 9:32am

I think it’s a bug in a iOS Framework.

shoeper · March 10, 2018, 1:00pm

I think this is not really about self signed certificates in general. It’s about trust and I think it is more a problem how Seafile handles it in the other clients than the iOS app seems to do. It is a major security issue to trust any certificate. So as long as the certificate is not trusted by the system a connection should be refused. Not doing so lets many users feel save while they aren’t save at all. The connection is more or less as insecure as plain old http.

DerDanilo · March 10, 2018, 1:51pm

But it should still allow this if people want to use their self signed cert.
The client should show the content of the cert and ask the user to confirm it.
If it changes it should for the popup again saying that it changed.

Maclaren · March 11, 2018, 8:37pm

@bionade24

Yes the Host is on my network but not on the internet.

I know Lets Encrypt will work but I haven’t done that since I just need it on my home network only and nothing more.

But then you can use a cert?

I don’t know what you mean by this question. I am using a self signed cert I created.

@DerDanilo
You are right. A popup DID show up and ask to confirm if I want to trust this certificate or not. Now it dosent event do that. Just simple a loading sign really quickly then it goes way and nothing happens.

DerDanilo · March 12, 2018, 2:47pm

Try to delete the app cache and configure again. Maybe you disallowed to connect using the self signed cert.

Maclaren · March 12, 2018, 3:08pm

@DerDanilo

I did, the confirmation poped up. “Do you want to trust this certificate etc…” I hit yes. Loading sign for couple seconds then nothing.

Henrik · March 14, 2018, 8:31am

Maybe this is a bug.
Have You tried to install the certificate into the device’s keychain/cert-store?

E-mail the certificate as an attachment to your iOS device.
Open the attachment and install the certificate.
It will be added to the trusted list. Maybe this will help.

Greets

Maclaren · March 15, 2018, 2:06am

@Henrik

Nope that did not work. I uploaded it to my iCloud and added it to the system key chain. It shows a slightly different error now.

“Failed to login. The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.98” which could put your confidential information at risk.”