Moodle for mobile

Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true

 
Picture of Brian Warling
Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true
 

Our Moodle 3.4 implementation, under Mobile Settings, reports this error:

"It seems that the HTTPS certificate is self-signed or not trusted. The mobile app will only work with trusted sites."

This isn't true. Our cert is not self-signed and it is trusted, and current. I am able to log into our Moodle site via the Moodle Mobile app (v. 3.5) just fine (though, as I reported earlier today, the updated Moodle Desktop app - v. 3.5 - won't accept my SSO credentials; https://moodle.org/mod/forum/discuss.php?d=373825)

This error message was not present when we were running Moodle 3.3. We upgraded to 3.4 at the end of June 2018. It was after the upgrade that this error started to appear. 

Any ideas what might be going on?

Thanks much... Brian

 
Average of ratings: -
Picture of Dan Marsden
Re: Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true
Core developersMoodle Course Creator Certificate holdersParticularly helpful MoodlersPlugin developersPlugins guardiansTestersTranslators

could be the base certs out of date on your Moodle web server. (is your web server up to date? - O/S, Apache etc...)

- or are you using an old symantec cert that is no longer trusted?

https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/

 
Average of ratings: -
Picture of Erica Bithell
Re: Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true
 

We apparently have exactly the same issue (recent upgrade to Moodle from 3.2 to 3.4, mobile app used to work and now it doesn't, with the error that you describe). If you do try to connect from the app, you get 'Invalid response value detected'.

The webserver OS is up to date. I've checked the certificate with https://www.geocerts.com/ssl-checker and https://www.ssllabs.com/ssltest/, and both responses have no issues at all. It is not a Symantec certificate (or any of the others listed in Dan's link).

Do you (Dan, Brian, or anyone else) have any suggestions for what else I might do to diagnose the problem here? I'm at something of a loss as to where to look next.

Thanks,

Erica

 
Average of ratings: -
Picture of Matteo Scaramuccia
Re: Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true
Core developersParticularly helpful MoodlersPlugin developers

Hello Everyone,
the code checks for certificate issues by making an HTTP HEAD request: it could be possible that you're blocking HEADs and then the check above will fail due to this issue.

HTH,
Matteo

 
Average of ratings: -
Picture of Brian Warling
Re: Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true
 

We think we've found the reason for this. Our developer says that there is a bug in curl that it is not fetching the certificate information.  Our curl version is v7.29.0.  It needs to be upgraded to v7.52.1. So we'll be upgrading curl and expect/hope that will fix it. 

Brian

 
Average of ratings: Useful (1)
Picture of Matteo Scaramuccia
Re: Moodle says the HTTPS certificate is self-signed or not trusted -- this isn't true
Core developersParticularly helpful MoodlersPlugin developers

TNX Brian for sharing your root cause!
In the recent past Moodle was trying to prompt for issues about missing/broken curl caps but with too many false positives due to the nature of the way curl is distributed among Linux flavors.

Long story short: MDL-55404 => MDL-57450 => MDL-56917 => MDL-57262.

HTH,
Matteo

 
Average of ratings: -