Hi all
I’m trying to import a client ssl certificate in the current Windows desktop client (3.12.3stable-Win64) on a fresh install of Windows 11. On the server I’m using an ssl server certificate from my own ca. The server (apache2.4) is configured to require a client certificate (SSLVerifyClient require). This has been working before, also with the desktop client, and it works now if I connect to the site with Firefox (with client certificate installed).
But now, when I to connect to my nextcloud server, the following happens:
- First, it complaines because of the self signed Certificate, as it does not know the CA yet.
- Second it recognises that a client certificate is required, and gives me the choice to install it
- But here comes the problem: When I add the client certificate in (pkcs12 format), and enter the password, it can’t install the certificate
Here the relevant lines from the log file:
| 2024-04-16 12:58:20:790 [ info nextcloud.gui.wizard C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\gui\owncloudsetupwizard.cpp:198 ]: | No system proxy set by OS |
|---|---|
| 2024-04-16 12:58:20:790 [ info nextcloud.sync.accessmanager C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\accessmanager.cpp:78 ]: | 2 https://docs.mydomain.ch/status.php has X-Request-ID bf8eb9ae-4c9b-4a25-a361-7c1f760cce97 |
| 2024-04-16 12:58:20:790 [ info nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\abstractnetworkjob.cpp:363 ]: | OCC::CheckServerJob created for https://docs.mydomain.ch + status.php OCC::OwncloudSetupWizard |
| 2024-04-16 12:58:20:820 [ info nextcloud.sync.account C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\account.cpp:560 ]: | ssl errors SSL-Errors happened for url \https://docs.mydomain.ch/status.php\ \tError in QSslCertificate(\3, \01, \1NMdzrr+kTzie5TooVGFVQ==, \massaroCA, \massaroCA, QMap(), QDateTime(2017-07-10 15:51:00.000 UTC Qt::UTC), QDateTime(2027-07-10 15:51:00.000 UTC Qt::UTC)) : \Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig\ ( \Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig\ ) \n |
| 2024-04-16 12:58:20:820 [ info nextcloud.sync.account C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\account.cpp:561 ]: | (QSslCertificate(3, 02, 1HEvHHmeY3fbIakMCUF3FA==, massaroCA, docs.mydomain.ch, QMap((1, docs.mydomain.ch)), QDateTime(2017-07-10 15:57:00.000 UTC Qt::UTC), QDateTime(2027-07-10 15:51:00.000 UTC Qt::UTC)), QSslCertificate(3, 01, 1NMdzrr+kTzie5TooVGFVQ==, massaroCA, massaroCA, QMap(), QDateTime(2017-07-10 15:51:00.000 UTC Qt::UTC), QDateTime(2027-07-10 15:51:00.000 UTC Qt::UTC))) |
| 2024-04-16 12:58:24:226 [ info nextcloud.gui.sslerrordialog C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\gui\sslerrordialog.cpp:238 ]: | SSL-Connection is trusted: true |
| 2024-04-16 12:58:24:230 [ info nextcloud.sync.account C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\account.cpp:599 ]: | SSL-Errors happened for url \https://docs.mydomain.ch/status.php\ \tError in QSslCertificate(\3, \01, \1NMdzrr+kTzie5TooVGFVQ==, \massaroCA, \massaroCA, QMap(), QDateTime(2017-07-10 15:51:00.000 UTC Qt::UTC), QDateTime(2027-07-10 15:51:00.000 UTC Qt::UTC)) : \Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig\ ( \Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig\ ) \n Certs are known and trusted! This is not an actual error. |
| 2024-04-16 12:58:24:232 [ warning nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\abstractnetworkjob.cpp:221 ]: | QNetworkReply::UnknownNetworkError Beim Lesen ist ein Fehler aufgetreten: error:0A00045C:SSL routines::tlsv13 alert certificate required QVariant(Invalid) |
| 2024-04-16 12:58:24:232 [ warning nextcloud.sync.networkjob.checkserver C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\networkjobs.cpp:546 ]: | error: status.php replied 0 |
| 2024-04-16 12:58:24:232 [ info nextcloud.sync.accessmanager C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\accessmanager.cpp:78 ]: | 2 https://docs.mydomain.ch has X-Request-ID e4657ddc-f895-47b5-81cc-a6fcfbddfa63 |
| 2024-04-16 12:58:24:232 [ info nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\abstractnetworkjob.cpp:363 ]: | OCC::SimpleNetworkJob created for https://docs.mydomain.ch + |
| 2024-04-16 12:58:24:252 [ info nextcloud.sync.account C:\Users\User\AppData\Local\Temp\windows-21829\client-building\desktop\src\libsync\account.cpp:560 ]: | ssl errors SSL-Errors happened for url \https://docs.mydomain.ch\ \tError in QSslCertificate(\3, \01, \1NMdzrr+kTzie5TooVGFVQ==, \massaroCA, \massaroCA, QMap(), QDateTime(2017-07-10 15:51:00.000 UTC Qt::UTC), QDateTime(2027-07-10 15:51:00.000 UTC Qt::UTC)) : \Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig\ ( \Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig\ ) \n |
Has anybody had any similar issues? Is my certificate too old? (RSA 2048 signed with SHA-256 with RSA Encryption).
Any help is highly welcome.
Beat