Netgate Discussion Forum

SSL error on android when using pfsense

General pfSense Questions
  • Z
    zwiebelspaetzle
    last edited by Jan 27, 2022, 9:35 PM

    I've recently started getting SSL errors when trying to download certain podcasts from an Android device. This doesn't happen on my Mac computer, but does on Android devices. The problem doesn't occur when downloading via mobile network.

    For example, when I try to download https://www.podtrac.com/pts/redirect.mp3/pdst.fm/e/chtbl.com/track/28D492/traffic.megaphone.fm/SLT6080998271.mp3, I get the following error in my podcast app:

    java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    

    If I copy the URL to a browser, I get:

    ERR_SSL_KEY_USAGE_INCOMPATIBLE
    

    I've turned off Suricata and pfBlocker. I've also tried using both the default webConfigurator cert and a Let's Encrypt (via ACME) cert in System->Advanced->Admin Access->SSL/TLS Certificate, but the problem persists.

    How can I fix this problem?

    • S
      stephenw10 Netgate Administrator
      last edited by Jan 27, 2022, 9:50 PM

      Nothing to do with pfSense, the host serving that is using a bad cert it looks like.

      Your Mac probably shouldn't allow it.

      Steve

      • S
        stephenw10 Netgate Administrator
        last edited by Jan 27, 2022, 9:54 PM

        @zwiebelspaetzle said in SSL error on android when using pfsense:

        traffic.megaphone.fm/SLT6080998271.mp3

        Mmm, something in the redirect since that direct link works.

        • Z
          zwiebelspaetzle @stephenw10
          last edited by Jan 27, 2022, 10:20 PM

          @stephenw10 That's what I thought at first, but when I disconnect from Wi-Fi and use mobile data, it works. Makes me think that SSL is breaking within pfSense. Maybe some version disagreement between Java on Android and pfSense.

          • S
            stephenw10 Netgate Administrator
            last edited by Jan 27, 2022, 10:33 PM

            pfSense does nothing to that connection by default. Unless you're running Squid that traffic is just routed.
            I can only imagine it connects differently via mobile data, to a different server perhaps.

            I assume your Mac is also behind pfSense? But how is that connecting, to the same server?

            Steve

            • S
              SteveITS Galactic Empire @zwiebelspaetzle
              last edited by Jan 28, 2022, 12:23 AM

              @zwiebelspaetzle Mobile could be IPv6, could be a different web server entirely as they have multiple IPv4s.

              https://www.ssllabs.com/ssltest/analyze.html?d=www.podtrac.com&s=44.239.236.149&hideResults=on&latest looks pretty good but does show "Chain issues Incorrect order, Contains anchor". If the client had an issue with that, I would expect it to be a problem regardless of connection...but again could be different web servers.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

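What the two SSL Labs findings quoted in the last post ("Incorrect order", "Contains anchor") mean for a served certificate chain, shown as an added example that is not part of the original thread. The certificate names are constructed, and matching certificates by subject/issuer name is a simplifying assumption; real path building also verifies signatures and key identifiers.

```python
# Constructed sample certificates as (subject, issuer) pairs; not taken from any real host.
LEAF = ("CN=www.example.test", "CN=Example Intermediate CA")
INTER = ("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = ("CN=Example Root CA", "CN=Example Root CA")  # self-signed trust anchor

# Order in which a misconfigured server might send them: leaf, root, intermediate.
SERVED = [LEAF, ROOT, INTER]


def chain_issues(chain):
    """Report chain findings for certificates listed in the order they were sent."""
    subjects = [sub for sub, _ in chain]
    findings = set()
    for i, (sub, iss) in enumerate(chain):
        if sub == iss:
            # A self-signed certificate was sent. Clients already hold their
            # trust anchors, so sending the root only adds bytes.
            findings.add("Contains anchor")
            continue
        # The issuer was sent, but not directly after the certificate it signed.
        follows = i + 1 < len(chain) and subjects[i + 1] == iss
        if iss in subjects and not follows:
            findings.add("Incorrect order")
    return sorted(findings)


def build_path(chain):
    """Rebuild leaf-first order by following issuer names, as a tolerant client would."""
    by_subject = {sub: (sub, iss) for sub, iss in chain}
    path = [chain[0]]  # the server's own certificate must always come first
    while path[-1][0] != path[-1][1]:  # stop once a self-signed cert is reached
        nxt = by_subject.get(path[-1][1])
        if nxt is None or nxt in path:
            break  # issuer not sent: the client has to find it in its own store
        path.append(nxt)
    return path


if __name__ == "__main__":
    print("as served:", chain_issues(SERVED))
    fixed = build_path(SERVED)[:-1]  # reorder, then drop the root
    print("reordered, root dropped:", chain_issues(fixed))
```

To look at the chain a real host sends, `openssl s_client -connect HOST:443 -servername HOST -showcerts` prints each certificate in served order, which can be run once from Wi-Fi and once from mobile data to compare.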
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.