I purchased an SSL certificate for my domain on GoDaddy, added the certificate to my ISY994i, and now I cannot connect my Mobilinc Pro (Android). One thing to note is that the encryption I chose was the 2048 bit encryption.
The error I receive is: "Unable to connect to the lighting controller. Please verify the lighting controller settings." I cannot connect via Wifi or 3G.
I have tried connecting to my domain using a computer outside my home network and I don't have any trouble at all. Any help would be appreciated.
My Mobilinc Pro for Android version is v1.1.6.
Mobile Integrated Solutions
A place to share information on the MobiLinc family of Home Automation Apps
Cannot Connect After Adding SSL Cert
8 posts
• Page 1 of 1
Cannot Connect After Adding SSL Cert
by lhmathys » Sat Jul 07, 2012 2:38 pm
- lhmathys
- Posts: 4
- Joined: Sat Jul 07, 2012 2:31 pm
Re: Cannot Connect After Adding SSL Cert
by AdminWes » Sat Jul 07, 2012 3:57 pm
Hi lhmathys,
The cause of the issue could be in a couple of different places. Can you verify for me that using the ISY self-signed ISY certs at 512, 1024, and 2048 all work with MobiLinc/Android and the Android web browser ok for you?
If all three work self-signed certs work and the purchased cert does not work with MobiLinc Android can you connect to your ISY's web interface using the Android browser while the purchased cert is installed in the ISY?
What can you tell us about the purchased cert such as the CA used to authenticate it?
Also, what ISY firmware are you using?
Wes
The cause of the issue could be in a couple of different places. Can you verify for me that using the ISY self-signed ISY certs at 512, 1024, and 2048 all work with MobiLinc/Android and the Android web browser ok for you?
If all three work self-signed certs work and the purchased cert does not work with MobiLinc Android can you connect to your ISY's web interface using the Android browser while the purchased cert is installed in the ISY?
What can you tell us about the purchased cert such as the CA used to authenticate it?
Also, what ISY firmware are you using?
Wes
- AdminWes
- Site Admin
- Posts: 2153
- Joined: Sat Feb 07, 2009 2:52 pm
Re: Cannot Connect After Adding SSL Cert
by lhmathys » Sat Jul 07, 2012 9:21 pm
The 512 and 1024 self-signed certs work with both the MobiLinc Android app and the Android browser. The 2048 self-signed cert however, did not work in either.
I did try to connect to the ISY using the Android browser with my GoDaddy signed cert (at 2048 encryption) and it complained that the cert wasn't trusted - which I don't get because Firefox, IE and Chrome all accept the cert. If I told the browser to continue, it did load the home page.
My ISY firmware version is: Insteon_UD994 v.3.2.6 (2012-05-04-00:21:21).
I did try to connect to the ISY using the Android browser with my GoDaddy signed cert (at 2048 encryption) and it complained that the cert wasn't trusted - which I don't get because Firefox, IE and Chrome all accept the cert. If I told the browser to continue, it did load the home page.
My ISY firmware version is: Insteon_UD994 v.3.2.6 (2012-05-04-00:21:21).
- lhmathys
- Posts: 4
- Joined: Sat Jul 07, 2012 2:31 pm
Re: Cannot Connect After Adding SSL Cert
by AdminWes » Mon Jul 09, 2012 8:25 am
Hi lhmathys,
I believe that based on your testing the 2048 strength cert issued from GoDaddy is likely using a CA that is unknown to the Android OS. When issuing valid certs, the requester typically has to inform the issuer authority (GoDaddy) to authenticate the cert with a CA server that is known by the embedded trusted CA list in the OS software of the mobile device.
The reason that this works in Chrome on a PC is that the trust CA list is updated rather frequently. The trusted CA list in mobile devices are updated on OS upgrades and are not necessarily updated to understand all available trusted CA servers out there. This is also the reason that the Android browser complained about the validity of your issued cert. It does not have the issued cert's CA authority in it's trusted CA list.
My recommendation is to go back to GoDaddy and ask for a cert signed that will be recognized by your Android OS version. Our experience is with Verisign certs, and we have to explain to them where the cert will be used and what version of mobile OS we expect to be using the cert.
Also, it's possible that the Android HW/SW you have may not fully support 2048 bit encrypted sessions as evident by your testing confirming that the self-signed 2048 bit cert did not work while 1024 and 512 operated correctly. If you get GoDaddy to re-issue your cert, you may want to request a 1024 bit cert instead of 2048 for compatibility with your Android HW/SW.
Wes
I believe that based on your testing the 2048 strength cert issued from GoDaddy is likely using a CA that is unknown to the Android OS. When issuing valid certs, the requester typically has to inform the issuer authority (GoDaddy) to authenticate the cert with a CA server that is known by the embedded trusted CA list in the OS software of the mobile device.
The reason that this works in Chrome on a PC is that the trust CA list is updated rather frequently. The trusted CA list in mobile devices are updated on OS upgrades and are not necessarily updated to understand all available trusted CA servers out there. This is also the reason that the Android browser complained about the validity of your issued cert. It does not have the issued cert's CA authority in it's trusted CA list.
My recommendation is to go back to GoDaddy and ask for a cert signed that will be recognized by your Android OS version. Our experience is with Verisign certs, and we have to explain to them where the cert will be used and what version of mobile OS we expect to be using the cert.
Also, it's possible that the Android HW/SW you have may not fully support 2048 bit encrypted sessions as evident by your testing confirming that the self-signed 2048 bit cert did not work while 1024 and 512 operated correctly. If you get GoDaddy to re-issue your cert, you may want to request a 1024 bit cert instead of 2048 for compatibility with your Android HW/SW.
Wes
- AdminWes
- Site Admin
- Posts: 2153
- Joined: Sat Feb 07, 2009 2:52 pm
Re: Cannot Connect After Adding SSL Cert
by lhmathys » Mon Jul 09, 2012 4:44 pm
Hi Wes,
The GoDaddy service rep said that the problem is occurring because the intermediate certificate is not being installed correctly on the hosting server. I downloaded a copy of their intermediate certificate, but do you know how I install it? The only one that works correctly in the ISY is my domain certificate.
Thanks...
The GoDaddy service rep said that the problem is occurring because the intermediate certificate is not being installed correctly on the hosting server. I downloaded a copy of their intermediate certificate, but do you know how I install it? The only one that works correctly in the ISY is my domain certificate.
Thanks...
- lhmathys
- Posts: 4
- Joined: Sat Jul 07, 2012 2:31 pm
Re: Cannot Connect After Adding SSL Cert
by AdminWes » Tue Jul 10, 2012 7:38 am
Hi lhmathys,
I'm sorry, but no, I'm not familiar with installing intermediate certs on a hosting server. To be honest, I'm not even sure what hosting server the rep is referring to.
My past experience has been that at the time of creation the creators need to create the cert so that it is recognized by the OS's built in trusted CA list. I'm not sure this can be fixed without rebuilding the cert.
Wes
I'm sorry, but no, I'm not familiar with installing intermediate certs on a hosting server. To be honest, I'm not even sure what hosting server the rep is referring to.
My past experience has been that at the time of creation the creators need to create the cert so that it is recognized by the OS's built in trusted CA list. I'm not sure this can be fixed without rebuilding the cert.
Wes
- AdminWes
- Site Admin
- Posts: 2153
- Joined: Sat Feb 07, 2009 2:52 pm
Re: Cannot Connect After Adding SSL Cert
by lhmathys » Tue Jul 10, 2012 8:54 am
Thanks for the help, Wes...
Just FYI -
It seems that the ISY is the issue here. I don't think it provides the correct certificate chain (server->intermediate->root) the way it should, so when I install my certificate, it only installs the server cert. Thus, I don't think Mobilic - or my Android browser - receives the correct certificate chain for verification.
GoDaddy actually provided the intermediate and root certificate for me, and I've tried to manually chain the certificates together, but that didn't work either.
I've been in contact with someone at ISY on this subject as well.
Just FYI -
It seems that the ISY is the issue here. I don't think it provides the correct certificate chain (server->intermediate->root) the way it should, so when I install my certificate, it only installs the server cert. Thus, I don't think Mobilic - or my Android browser - receives the correct certificate chain for verification.
GoDaddy actually provided the intermediate and root certificate for me, and I've tried to manually chain the certificates together, but that didn't work either.
I've been in contact with someone at ISY on this subject as well.
- lhmathys
- Posts: 4
- Joined: Sat Jul 07, 2012 2:31 pm
Re: Cannot Connect After Adding SSL Cert
by AdminWes » Tue Jul 10, 2012 11:31 am
Thanks for the update. Let me know how this progresses with UDI.
Wes
Wes
- AdminWes
- Site Admin
- Posts: 2153
- Joined: Sat Feb 07, 2009 2:52 pm
8 posts
• Page 1 of 1
Return to Device Support in MobiLinc
Who is online
Users browsing this forum: No registered users and 3 guests