0

Issues connecting player with local webserver via https

Sebastian Findeisen

March 28, 2018 14:10

None

Follow

Hello guys,

i’m writing this post because I am recently stuck in an issue connecting the BrightSign Player to a local webserver.

A quick summary, so that you know what the situation looks like.

I’m running a Nextcloud installation with Collabora/Code inside Docker on a local webserver. Since Collabora prefers https over http, the communication with the server is SSL encrypted with a selfsigned certificate. The idea behind that is to make office files accessable with the BrightSign Player.

Well, I know BrightSign Players aren’t made for a scenario like that. Anyways, I can access the webserver and the Nextcloud Installation perfectly fine from my browser on my computer, but accessing the webserver from the BS-Player only displays the default background.

I already added the CA-Certificate with the plugin from github, means defining the plugin in the autostart, manually added the .crt file to the presentation and create a Variable.

Now, the player obviously checks for the certificate and finds it,

 

[   25.328] + Open userVariables.db

[   25.471] + Cert Variable found: server.crt

[   25.471] + Found Cert: pool/7/3/sha1-6f616c4a08a063ec199e7c9784bcf2ed167d2273

[   25.488] SYSC_close: 2007 callbacks suppressed

[   25.488] brightsign(1395):close(58) returning EBADF

[   25.635] SignalDispatcher received signal 17

[   25.635] + successfully added certificate

[   25.635] + Cert Variable found: server.crt

[   25.635] + Found Cert: pool/7/3/sha1-6f616c4a08a063ec199e7c9784bcf2ed167d2273

[   25.801] SignalDispatcher received signal 17

[   25.801] + successfully added certificate

 

but when trying to connect to the local webserver, the Player writes a certificate Error

 

[   28.784] Certificate error(-202) when connecting to "https://<example.cloud>". Cannot connect to host.

 

I tried a lot for the past 48h or so, and I really have no clue what the problem is. I cannot find anything on the web for this specific topic.

I hope you guys can help me, or maybe you got a hint or Tipps for me

Thanks in advance and best regards,

Sebastian

• Facebook
• Twitter
• LinkedIn

13 comments

• 0
  
  Bright Scripters March 28, 2018 19:56

  Is your cert self signed, or obtained from a reputable source?

  Was the cert issued for domain example.cloud?

   

• 0
  
  Brandon March 28, 2018 22:07

  Use the Download Speed Test in the Diagnostic Web Server to get additional error information.  Likely you need to combine the root CA into the installed certificate.  The entire chain of trust must be verifiable by the installed certificate(s).

  ---

  Friendly reminder, the forum is intended for user-to-user discussion. For troubleshooting problems and to ensure a timely answer from a BrightSign representative, please submit a support ticket.

   

• 0
  
  Sebastian Findeisen March 29, 2018 07:53

  @ Bright Scripters

  It is selfsigned and created with openssl.

  Yes, exactly for the domain.

  @ Brandon

  This is the Output from the Dowload Speed test:

  Speed test failed on URL 'https://example.cloud/index.html', Reason: 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none'

  I tried to access the player via ssh to manually put the Certificate in place, but from the ssh connection i only get something that looks like a livestream of the log files.

  Edit:

  The certificate is issued for the whole domain dsb.cloud.arno.ai.vpn .

  How can i force the player to trust my CA-certificate. Or is there a way to get root permissions for manupulating the BrightSigns internal SSD?

• 0
  
  Sarel G April 19, 2018 13:43

  I'm having a similar issue. Trying to display an internal intranet site that uses a cert from letsencrypt. Getting the same Certificate error(-202) when connecting to "https://<example.cloud>". Cannot connect to host. error

• 0
  
  Patrick November 01, 2018 10:07

  I'm having an similar issue too. Im using sone brightsign devices in a domain behind a proxy server and i have no posibility to configure it (Company network with external IT-support).

  Is there any way to force the player to accept a client certificate irrespensive of a trusted or an "unsave" certificate?

  Another thing I am astonished about: I've integrated content from another external source to display weather informations. These are working fine, I only have this problem with live Data feeds like RSS or twitter.

• 0
  
  Mike Parkhouse January 09, 2019 12:41

  Have any of you managed to solve this?I too am having the same issue!

• 0
  
  Patrick January 09, 2019 13:07

  Not really... At the moment i'm using the keystore plugin with a certificate. A possible way might be to use a mergerservice which has no encryption.

• 0
  
  Mike Parkhouse January 09, 2019 13:26

  I'm only using Brightsign hardware and the appspace app. I don't think there is a way for me to use the keystore plugin as I'm not using brightauthor for anything.

• 0
  
  Sebastian Findeisen January 09, 2019 14:09

  No, I didn't solve it either. I am just using the services over http, since it's only working in the local network it's not that critical.

  @Mike Parkhouse: Without Brightauthor you won't be able to make advanced changes to the hardware.

• 0
  
  Zzzonkkk-brightsign May 17, 2019 14:21

  I had the same issue, but with a "Certificate error(-201) when connecting to "xxxx""
  I was using the keystore plugin, with a certificate containing the whole chain.
  The issue I was facing is that the unit time was not set (no NTP available on my local private network) !
  Setting the right time on the unit did solve the problem.

• 0
  
  Matthews, Carlos C September 27, 2019 15:21

  Has a workaround been established yet?

• 0
  
  Brandon September 27, 2019 16:07

  For BrightAuthor - install the certificate chain.
  https://brightsign.zendesk.com/hc/en-us/articles/114094183894-How-do-I-display-a-webpage-that-requires-a-client-certificate

  For Appspace or other CMSes- you need to talk to Appspace or the CMS vendor on how to get the certificate chain installed, we don't control their script.

• 0
  
  Victor Lai September 08, 2022 04:05

  Hello, I've successfully added certificate:

  [ 36.824] + Cert Variable found: server.crt
  [ 36.824] + Found Cert: pool/c/0/sha1-947064050e4c1334c01d4987fa67eeb9fa4e2fc0
  [ 36.939] SignalDispatcher received signal 17
  [ 37.007] + successfully added certificate
  [ 37.007] + Cert Variable found: server.crt
  [ 37.007] + Found Cert: pool/c/0/sha1-947064050e4c1334c01d4987fa67eeb9fa4e2fc0 [ 37.122] SignalDispatcher received signal 17
  [ 37.188] + successfully added certificate

  But got this error afterward:

  [ 42.071] CertVerify: Error -200 for hostname "xxx" issued_by_known_root false status 1 [ 42.072]
  [ 42.072] Certificate error(-200) when connecting to "xxx". Cannot connect to host.

  Any workaround? thanks so much.