Jump to content
Enpass Discussion Forum

hummels151

Members
  • Posts

    3
  • Joined

  • Last visited

hummels151's Achievements

Newbie

Newbie (1/14)

1

Reputation

  1. Hi @Pratyush Sharma, Thanks for your hint that Enpass is just using the system wide root certificate store. It seems like all browsers on all my "not working" devices have own CAs built in so it just works. I then tried to figure it out using a connect of openssl on my ubuntu 20.04 machine and discovered that my server was sending the wrong (old) intermediate certificate. So the browsers seem to "know" the intermediates already and trust them while the root devices obviously do not. After changing my QNAP NAS to use the correct new intermediate, it works like a charme again. Thank you! BRs, hummels151
  2. I am using Enpass on the following devices: Android 10 QKQ1.190825.002, Enpass 6.6.1.449 (sync only working when SSL verification ignored) Ubuntu 20.04, Enpass 6.5.1 (723) (sync only working when SSL verification ignored) Win10 Pro 10.0.19042, Enpass 6.5.2 (724) (just checked it again and surprisingly the sync was working with SSL verification) So currently it looks like the linux based devices are facing the issue. When configuring without verification, got the following: On Android I even got the error code 904060. When I check "ignore verification of SSL certificate", it works like a charme: The WebDAV in Browser is working certificate-wise, but there is a known problem with the QNAP NAS WebDAV, that opening it in a Browser will result in "Forbidden". When I test it in my Nautlius with davs://.... it works very well, as you can see here: I hope the information are helpful and you can figure out what is happening here. BRs, hummels151
  3. Hi, Since Friday my Enpass is not synchronizing with my WebDAV on a QNAP NAS anymore. I have not changed anything. The Enpass Version is still the same and the QNAP NAS still runs on the same firmware with same settings. The only thing that has changed is the renewed letsencrypt certificate which is issued by the new R3 intermediate with ISRG Root X1 authority. I checked if it is a certificate problem by changing the synchronization settings to "ignore SLL certificate verification". Using this setting, the sync was successful. Without this setting it fails with error code "904060". A crosscheck with my browsers on Windows 10, Ubuntu 20.04 and Android shows that every other device is trusting this root CA and verifies the certificate successfully. The obvious reason would be that Enpass is not trusting the ISRG Root X1 Authority. So please fix that, otherwise everyone using letsencrypt certificates will not be able to sync anymore sooner or later. https://letsencrypt.org/certificates/ I know there is a possibility to switch letsencrypt to use an alternative Root CA which probably would work. But since this would be a temporary solution only (Letsencrypt says they support the cross signature of IdenTrust until March 17, 2021 https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html) I do not want to change that. Obviously, I also do not want to disable the certificate validation for synchronizing my passwords. So please add the new Letsencrypt Root CA.
×
×
  • Create New...