SSL error on Android when using pfSense
-
I've recently started getting SSL errors when trying to download certain podcasts from an Android device. This doesn't happen on my Mac computer, but does on Android devices. The problem doesn't occur when downloading via mobile network.
For example, when I try to download https://www.podtrac.com/pts/redirect.mp3/pdst.fm/e/chtbl.com/track/28D492/traffic.megaphone.fm/SLT6080998271.mp3 , I get the following error in my podcast app:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
If I copy the url to a browser, I get:
ERR_SSL_KEY_USAGE_INCOMPATIBLE
I've turned off Suricata and pfBlocker. I've also tried using both the default webConfigurator cert and a Let's Encrypt (via ACME) cert in System->Advanced->Admin Access->SSL/TLS Certificate, but the problem persists.
How can I fix this problem?
-
Nothing to do with pfSense; the host serving that is using a bad cert, it looks like.
Your Mac probably shouldn't allow it.
Steve
-
@zwiebelspaetzle said in SSL error on Android when using pfSense:
traffic.megaphone.fm/SLT6080998271.mp3
Mmm, something in the redirect since that direct link works.
-
@stephenw10 That's what I thought at first, but when I disconnect from wifi and use mobile data, it works. Makes me think that SSL is breaking within pfSense. Maybe some version disagreement between Java on Android and pfSense.
-
pfSense does nothing to that connection by default. Unless you're running Squid that traffic is just routed.
I can only imagine it connects differently via mobile data, to a different server perhaps. I assume your Mac is also behind pfSense? But how is that connecting, to the same server?
Steve
-
@zwiebelspaetzle Mobile could be IPv6, could be a different web server entirely as they have multiple IPv4s.
https://www.ssllabs.com/ssltest/analyze.html?d=www.podtrac.com&s=44.239.236.149&hideResults=on&latest looks pretty good but does show "Chain issues Incorrect order, Contains anchor". If the client had an issue with that, I would expect it to be a problem regardless of connection...but again could be different web servers.
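Added here as an illustration (not part of the thread, and not SSL Labs' own code): a simplified, offline version of the two "Chain issues" checks the report linked above flags, run over constructed certificate skeletons that follow the X.509 DER layout but are unsigned and carry no key. On a live server the same `chain_issues` function would take the DER certificates from the handshake, e.g. the blocks `openssl s_client -showcerts` prints, in the order the server sent them.

```python
def _tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def subject_issuer(cert_der):
    """Return (subject, issuer) as raw DER Name contents of an X.509 certificate."""
    _, cert, _ = _tlv(cert_der)  # Certificate ::= SEQUENCE { tbsCertificate, sigAlg, signature }
    _, tbs, _ = _tlv(cert)       # tbsCertificate ::= SEQUENCE { [0] version, serial, sigAlg, issuer, validity, subject, ... }
    tag, _, pos = _tlv(tbs)
    pos = pos if tag == 0xA0 else 0             # [0] EXPLICIT version is optional (absent in v1)
    for _ in range(2):                          # skip serialNumber and signature AlgorithmIdentifier
        _, _, pos = _tlv(tbs, pos)
    _, issuer, pos = _tlv(tbs, pos)
    _, _, pos = _tlv(tbs, pos)                  # skip validity
    _, subject, _ = _tlv(tbs, pos)
    return subject, issuer

def chain_issues(chain):
    """Simplified 'Chain issues' findings for DER certs in the order the server sent them."""
    names = [subject_issuer(c) for c in chain]
    issues = []
    # Leaf-first order: each certificate's issuer must be the subject of the one after it.
    if any(iss != nxt for (_, iss), (nxt, _) in zip(names, names[1:])):
        issues.append("Incorrect order")
    # A self-signed certificate in the served chain is a trust anchor; the client must already hold it.
    if any(subj == iss for subj, iss in names):
        issues.append("Contains anchor")
    return issues

# Constructed test data: real X.509 DER layout, but unsigned and with an empty public key.
def _der(tag, body):
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else b"\x81" + bytes([n])) + body

def _name(cn):  # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue; a single CN (OID 2.5.4.3)
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))

def toy_cert(subject, issuer):
    tbs = (_der(0xA0, _der(0x02, b"\x02"))                       # [0] version v3
           + _der(0x02, b"\x01")                                 # serialNumber
           + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
           + _name(issuer)
           + _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"250101000000Z"))  # validity
           + _name(subject)
           + _der(0x30, b""))                                    # subjectPublicKeyInfo placeholder
    return _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))
```

Two servers behind the same hostname can serve different chains, which is the situation the reply above suspects; running this over the chain captured from each address shows whether only one of them is mis-ordered or ships its root.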