SQRL server base and sample implementation for Java not working with Windows Client


Ipomoea

Member
May 20, 2020
8
0
Hello,

I am trying to use the sqrl-server-base for my Java-based web project.
As a reference, I tried to get the sqrl-server-example to run. I mostly did but it is not working the Windows Client, though the Android Client works just fine.
The only error I get is the one attached below. I don't really know why that is as the projects READ.ME claims to be tested with the latest version of the Windows Client which I am using.
Has anyone worked with this library and/or the sample implementation lately and has some input on what is wrong as I am running into the same issue when using the implementation in my own project.

Thanks,
Marie
 

Attachments

PHolder

Well-known member
May 19, 2018
1,171
190
Are you hosting the server on a machine with a proper certificate? You need a proper CA issued and signed certificate for the server or the Windows client won't be happy.
 

Ipomoea

Member
May 20, 2020
8
0
Thank you very much for your fast reply.
I am currently using self-signed certificates for testing. I take it they not accepted by the Windows Client then?
If so, is it even possible to test my application on localhost? Since, to my knowledge, these are the only certificates possible for localhost and the android app would not be able to connect to my localhost.
 

PHolder

Well-known member
May 19, 2018
1,171
190
It is possible, but it's not trivial. You need to set up your own CA (I'd suggest you Google for instructions on how to do it with the OpenSSL command line.) Then you need to add that CA cert (which is self-signed) to your machine's internal registry of trusted CA certs (Google time again.) Then you can use that CA [cert] to sign your server's cert. Then you will install the signed cert into your SQRL server. After doing all that, and probably rebooting, it should be possible to have it work. Good luck!

Note: If you're using Windows and need OpenSSL, I have used this one successfully for testing in the past: https://slproweb.com/products/Win32OpenSSL.html
 

AlanD

Well-known member
May 20, 2018
121
22
Rutland, UK
If you have a public webserver running on the machine, or you can manipulate your DNS records, you should be able to get a recognised SSL certificate from Letsencrypt.org.
 

Ipomoea

Member
May 20, 2020
8
0
Thank you. I did my local testing with the Browser Plugins as they do not seem to care about self-signed certificates.
 

Jeffa

Well-known member
May 20, 2018
207
106
Thank you. I did my local testing with the Browser Plugins as they do not seem to care about self-signed certificates.
If that is really true and the browser plugins do not care about signed ssl, then they are not compliant with the spec. (Of course if browser exceptions have been made then they will work)

For signed SSL cert of your localhost dev it might be worth looking at ngrok.io
 

Ipomoea

Member
May 20, 2020
8
0
If that is really true and the browser plugins do not care about signed ssl, then they are not compliant with the spec. (Of course if browser exceptions have been made then they will work)

For signed SSL cert of your localhost dev it might be worth looking at ngrok.io
I did have to accept the risk before being able to access the page but I am not sure if that equals an exception.
I didn't really look into it closed as it was working for testing purposes.

Also wouldn't that mean that the SQRL Android client is not compliant with the spec?
Because I can use it to log into my to AWS deployed instance which also uses a self-signed certificate at the moment.
 

Jeffa

Well-known member
May 20, 2018
207
106
I did have to accept the risk before being able to access the page but I am not sure if that equals an exception.
I didn't really look into it closed as it was working for testing purposes.

Also wouldn't that mean that the SQRL Android client is not compliant with the spec?
Because I can use it to log into my to AWS deployed instance which also uses a self-signed certificate at the moment.
can you share a link to your AWS instance? (By DM if you prefer.)
 
Last edited:

Jeffa

Well-known member
May 20, 2018
207
106
I did have to accept the risk before being able to access the page but I am not sure if that equals an exception.
I didn't really look into it closed as it was working for testing purposes.

Also wouldn't that mean that the SQRL Android client is not compliant with the spec?
Because I can use it to log into my to AWS deployed instance which also uses a self-signed certificate at the moment.
Just to be clear, The spec does not say that the cert must be signed, but it does require it to be trusted.
 

shanedk

Well-known member
May 20, 2018
419
112
I was also unable to login with the GRC client.

EDIT: It also failed with the Android client scanning the QR code.
 

Ipomoea

Member
May 20, 2020
8
0
I was also unable to login with the GRC client.

EDIT: It also failed with the Android client scanning the QR code.
I seem to have issues logging in using the Android app when accessing the website on Firefox. Chrome works every time for me. No idea why though.
What browser did you use?
 

MarkJH

New member
Aug 18, 2020
2
2
This fails for me with Steve's Windows' client and Jeff's (very latest / testing) iOS app - both tried several times. I haven't been keeping up-to-date with browser plugin development as I'm happy enough with the hard work from Steve and Jeff for my needs.
 

Paul F

Well-known member
Apr 11, 2019
87
26
Toronto
Here is the link:
It is still quite buggy so the login sometimes fails when using the Android app but it usually works after a few tries.
I tried logging in with my test client and got the error: x509: certificate signed by unknown authority. I'm not certain, but I believe we have to install your self-signed certificate on our sqrl client computers to make it work. I have to do that with my sqrl test server when it is on a different computer (on my LAN) than my sqrl client.
 

shanedk

Well-known member
May 20, 2018
419
112
I seem to have issues logging in using the Android app when accessing the website on Firefox. Chrome works every time for me. No idea why though.
What browser did you use?
I used Firefox. I just tried it with Chrome; it worked scanning the QR code from the Android client, but it still didn't work with the GRC client.