Moodle 3.4 fresh install - Mobile Settings - Certificate check

Moodle 3.4 fresh install - Mobile Settings - Certificate check

by Ken Task -
Number of replies: 4
Picture of Particularly helpful Moodlers

Fresh MDL 3.3 installed.
Mobile settings is showing a warning/notice which says:

"It seems that the HTTPS certificate is self-signed or not trusted. The mobile app will only work with trusted sites."

Server does have a valid (*not* self generated) cert from COMODO ... a
'trusted CA'. It uses a global/wildcard cert .. one for domain ... tcea.org.

Can check the cert via lock icon in browser.
https://sos.tcea.org/
It uses a global cert .. one for domain ... tcea.org.

Docs at:
https://docs.moodle.org/34/en/Mobile_web_services
don't offer any info about any work-around or fix.

https://www.sslshopper.com/ssl-checker.html
https://www.sslshopper.com/ssl-checker.html#hostname=https://sos.tcea.org/moodle33/

Checks out ... all green.

Thanks, in advance, for any info/assistance,

Ken

Average of ratings: -
In reply to Ken Task

Re: Moodle 3.4 fresh install - Mobile Settings - Certificate check

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Ken,
3.3 or 3.4?
BTW I prefer using https://www.ssllabs.com/ssltest/analyze.html?d=sos.tcea.org which gives you some more details (look for the vulnerabilities too).

$ openssl s_client -connect  sos.tcea.org:443
...
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.tcea.org
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
...

A CA is trusted if it belongs to the list of trusted CAs in the OS.
Could https://ssl.comodo.com/articles/possible-issues-with-ssl-certificates-in-android.php, https://support.comodo.com/index.php?/Knowledgebase/Article/View/1019/1/untrusted-certificate-error-on-android and https://stackoverflow.com/questions/36821931/comodo-ssl-err-cert-authority-invalid-on-chrome-mobile-and-opera-mobile-androi#36952596 be of some help?

In other terms, drop an email to Comodo Support and they should provide you a proper chain for "old OSes".

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: Moodle 3.4 fresh install - Mobile Settings - Certificate check

by Ken Task -
Picture of Particularly helpful Moodlers

Thanks, Matteo!   That does help ... forgot about sslabs. :\

Mdl version is 3.4.  OS is CentOS 7.

The server/network tech at domain was just about to take another job when he sent me files.

Will review what I have. ;) and check out Comodo info.

Funny ... was helping another gentleman get a cert for a domain name he owned and he had issues with getting the domain verified.  We even did the web check like Google does for sites.

Comodo also provided a form for generation of the CSR which one could submit online without local gen of a .key file.

Others I've worked with one had to generate the csr paried with a unique key.

Not sure I like Comodo. :\

Ken


Average of ratings: -
In reply to Ken Task

Re: Moodle 3.4 fresh install - Mobile Settings - Certificate check

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Ken,
let us know; in the past Comodo was already a star here big grin: https://moodle.org/mod/forum/discuss.php?d=326457.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: Moodle 3.4 fresh install - Mobile Settings - Certificate check

by Ken Task -
Picture of Particularly helpful Moodlers

Well, Comodo might be a 'star' IF one has direct access to it for the global cert for the domain.  In this case, the moodle.example bundle mentioned in the 326457 discussion isn't present ... wasn't provided by former server admin for that domain.  

Besides that, entity has some time ago standardized on Canvas so there is really no interest by the entity to assure Moodles of any version works with certs nor Androids/iPads/iPhones.

Site really used for exploration of Moodles ... not a production server ... so guess it will limp along.

Funny though ... moodle 3.3 no such issue ... it's only the moodle 3.4 ... and probably all future versions of Moodle.   New app probably requires ... soooooooo .... guess it stays as is.

Thanks for the info and assitance though, Matteo!

'spirit of sharing', Ken

Average of ratings: -