psteininger
WebEngineKiosk (RPi3) - Installing CA certs for Chromium
Hi,
I am trying to create “dumb” terminal Nerves app with Nerves + WebEngineKiosk on RPi3. I got the firmware to burn and update ok. The issue is that when the WebView opens my server app (Phoenix app on another Nerves Raspberry Pi) I get “ERR_CERT_AUTHORITY_INVALID”. The certificate and domain are completely legit. The cert is issued via SSL Mate, and it appears completely valid when I access the URL from my computer in Chrome. I have DNS properly set up on the private network, etc.
I even use the chained cert on the Phoenix app.
So my best guess is that the bare chromium on the kiosk_system_rpi3 does not include the root CA cert, with which my cert was signed.
So the question is, how do I go about fixing that. How could I customize the system, to include the CA cert, and make the browser trust it?
Thanks in advance for any pointers.
Best,
Piotr
First Post!
psteininger
Just for some more details, I see this on the console:
14:42:17.945 [warn] webengine_kiosk(stderr): [159:236:0208/144217.945061:ERROR:cert_verify_proc_nss.cc(974)] CERT_PKIXVerifyCert for <domain.redacted.net> failed err=-8179
14:42:17.947 [warn] webengine_kiosk(stderr): [159:234:0208/144217.946830:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -202
The certificate is completely ok and legit. I think the problem is that Chromium does not recognize either of:
Sectigo RSA Domain Validation Secure Server CA
USERTrust RSA Certification Authority
CA certs. So the question is: how can I make it trust these?
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








