SQRL server base and sample implementation for Java not working with Windows Client

[Ipomoea]

Hello,

I am trying to use the sqrl-server-base for my Java-based web project.
As a reference, I tried to get the sqrl-server-example to run. I mostly did but it is not working the Windows Client, though the Android Client works just fine.
The only error I get is the one attached below. I don't really know why that is as the projects READ.ME claims to be tested with the latest version of the Windows Client which I am using.
Has anyone worked with this library and/or the sample implementation lately and has some input on what is wrong as I am running into the same issue when using the implementation in my own project.

Thanks,
Marie

 

[PHolder]

Are you hosting the server on a machine with a proper certificate? You need a proper CA issued and signed certificate for the server or the Windows client won't be happy.

 

[Ipomoea]

Thank you very much for your fast reply.
I am currently using self-signed certificates for testing. I take it they not accepted by the Windows Client then?
If so, is it even possible to test my application on localhost? Since, to my knowledge, these are the only certificates possible for localhost and the android app would not be able to connect to my localhost.

 

[PHolder]

It is possible, but it's not trivial. You need to set up your own CA (I'd suggest you Google for instructions on how to do it with the OpenSSL command line.) Then you need to add that CA cert (which is self-signed) to your machine's internal registry of trusted CA certs (Google time again.) Then you can use that CA [cert] to sign your server's cert. Then you will install the signed cert into your SQRL server. After doing all that, and probably rebooting, it should be possible to have it work. Good luck!

Note: If you're using Windows and need OpenSSL, I have used this one successfully for testing in the past: https://slproweb.com/products/Win32OpenSSL.html

 

[AlanD]

If you have a public webserver running on the machine, or you can manipulate your DNS records, you should be able to get a recognised SSL certificate from Letsencrypt.org.

 

[Paul F]

If you want more info on self-signed certs check the ReadMe.txt file here:

SQRL Server - Google Drive

drive.google.com

 

[Ipomoea]

Thank you. I did my local testing with the Browser Plugins as they do not seem to care about self-signed certificates.

 

[Jeffa]

Thank you. I did my local testing with the Browser Plugins as they do not seem to care about self-signed certificates.

If that is really true and the browser plugins do not care about signed ssl, then they are not compliant with the spec. (Of course if browser exceptions have been made then they will work)

For signed SSL cert of your localhost dev it might be worth looking at ngrok.io

 

[Ipomoea]

If that is really true and the browser plugins do not care about signed ssl, then they are not compliant with the spec. (Of course if browser exceptions have been made then they will work)

For signed SSL cert of your localhost dev it might be worth looking at ngrok.io

I did have to accept the risk before being able to access the page but I am not sure if that equals an exception.
I didn't really look into it closed as it was working for testing purposes.

Also wouldn't that mean that the SQRL Android client is not compliant with the spec?
Because I can use it to log into my to AWS deployed instance which also uses a self-signed certificate at the moment.

 

[Jeffa]

I did have to accept the risk before being able to access the page but I am not sure if that equals an exception.
I didn't really look into it closed as it was working for testing purposes.

Also wouldn't that mean that the SQRL Android client is not compliant with the spec?
Because I can use it to log into my to AWS deployed instance which also uses a self-signed certificate at the moment.

can you share a link to your AWS instance? (By DM if you prefer.)

 

[Jeffa]

I did have to accept the risk before being able to access the page but I am not sure if that equals an exception.
I didn't really look into it closed as it was working for testing purposes.

Also wouldn't that mean that the SQRL Android client is not compliant with the spec?
Because I can use it to log into my to AWS deployed instance which also uses a self-signed certificate at the moment.

Just to be clear, The spec does not say that the cert must be signed, but it does require it to be trusted.

 

[Ipomoea]

can you share a link to your AWS instance? (By DM if you prefer.)

Here is the link:

https://sqrl-env-1.eu-central-1.elasticbeanstalk.com

It is still quite buggy so the login sometimes fails when using the Android app but it usually works after a few tries.

 

[Dave]

Here is the link:

https://sqrl-env-1.eu-central-1.elasticbeanstalk.com

It is still quite buggy so the login sometimes fails when using the Android app but it usually works after a few tries.

FYI: I just tried 4 times with the GRC client without success.

 

[shanedk]

I was also unable to login with the GRC client.

EDIT: It also failed with the Android client scanning the QR code.

 

[Ipomoea]

I was also unable to login with the GRC client.

EDIT: It also failed with the Android client scanning the QR code.

I seem to have issues logging in using the Android app when accessing the website on Firefox. Chrome works every time for me. No idea why though.
What browser did you use?

 

[MarkJH]

This fails for me with Steve's Windows' client and Jeff's (very latest / testing) iOS app - both tried several times. I haven't been keeping up-to-date with browser plugin development as I'm happy enough with the hard work from Steve and Jeff for my needs.

 

[Paul F]

Here is the link:

https://sqrl-env-1.eu-central-1.elasticbeanstalk.com

It is still quite buggy so the login sometimes fails when using the Android app but it usually works after a few tries.

I tried logging in with my test client and got the error: x509: certificate signed by unknown authority. I'm not certain, but I believe we have to install your self-signed certificate on our sqrl client computers to make it work. I have to do that with my sqrl test server when it is on a different computer (on my LAN) than my sqrl client.

 

[shanedk]

I seem to have issues logging in using the Android app when accessing the website on Firefox. Chrome works every time for me. No idea why though.
What browser did you use?

I used Firefox. I just tried it with Chrome; it worked scanning the QR code from the Android client, but it still didn't work with the GRC client.