Windows Desktop Syncing Client "Failed to establish secure connection"

Brett-Bailey · June 11, 2017, 1:25am

I just setup Seafile and everything seem to be working fine and was able to login to the website and so on.

However when trying to run the Windows desktop client for the 1st time, I can login, but then for “My Library” it keeps getting “Failed to establish secure connection” and won’t sync. Searching I did find https://forum.seafile.com/t/seafile-server-not-syncing-with-https/560, but doing what it said by putting
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
in my /etc/nginx/nginx.conf and restarting nginx didn’t help.

Any ideas?

Thanks

Brett-Bailey · June 11, 2017, 12:50pm

I also get the same thing when trying to run the Linux desktop client as well. I’m thinking of trying to use Let’s Encrypt instead of the self signed ssl and see if that maybe helps, will update if it does.

DerDanilo · June 11, 2017, 12:56pm

Did you check the box in the clients to disable certificate validation?

Brett-Bailey · June 11, 2017, 1:29pm

Thanks yeah that did it.

So I think I understand, with self signed ssl I need to disable certificate validation, but if I do switch to Let’s Encrypt then I will want to turn that back on.

Again thanks for the help.

DerDanilo · June 11, 2017, 3:55pm

Right! It’s also useful for non IT guys to be able to access your shared files with ease. Might also help that “this server can be trusted”.

Here is an article from the Syncwerk Forum about setting it up:
https://forum.syncwerk.com/t/setup-lets-encrypt-for-Syncwerk-server-with-nginx/5709

You might have to read though some articles on Google. I have no idea how it is done in Windows.

IgorGIV · June 11, 2017, 4:43pm

Does the disabling of certificate validation prevent of using secured connection so it becomes unsecured? I think it is not a good idea to disable it.
Had the same problem with the self-signed certificate and the solution was very simple - you should to have right names in your server settings (in my case it was an external IP, because i don’t use domain name) while you generating certificate. So this name should be the same with an address (or IP) on which your client is connecting.

DerDanilo · June 11, 2017, 5:45pm

https://www.entrust.com/ssl/

IgorGIV · June 11, 2017, 6:19pm

Yeah, i know how SSL works. Actually my question was about how does seafile desktop client work when you check or uncheck “disabling of certificate validation”.

DerDanilo · June 11, 2017, 7:02pm

Well the connection itself is still encrypted. It’s more about if you trust the certificate that is not officially signed. Anybody could issue a self-signed certificate and your client would basically accept it. Same as in browser.

IgorGIV · June 11, 2017, 7:29pm

Thanks a lot for your explanation!