@the_bertrum
Hi, Robert.
I see essentially the same when I view the cert in my Chrome/Android browser and the list of trusted certs in Android itself.
Some differences between your setup and mine:
1. As you said, you have a local CA cert installed on your phone (which implies a corresponding server running on your LAN) and I don't.
2. You have (I assume) a working local DNS resolver running on your LAN and I don't. It's mDNS only for local hostname resolution on my LAN.
It's probably easier for you to test the impact of #1 by deleting your local CA cert than it is for me to stand up a local CA authority, etc.
As for #2, I mention it because Chrome/Android is throwing a DNS_PROBE_FINISHED_NXDOMAIN code when I try to access the HTTPS-enabled moOde player by its mDNS name (e.g., with a .local extension). I've tried using apps from the Google app store to monitor the network traffic but the output was too cursory to see what's going wrong (a real man would root his phone so he could use a sketchy app he found on the InterWeb...I'm not that guy).
---
It seems I misspoke the other day about Firefox and Chrome not reaching my HTTPS-enabled moOde player (hostname moodex) via either mDNS name or IP address. Today, I'm seeing somewhat different results.
A. Chrome: using mDNS name still doesn't work (see above) but using the IP address does once I go through the steps to read the alert, accept the risk, and proceed. Once I've done that, I can close the tab and the browser and be able to open the WebUI without intervention on a fresh browser instance.
B. Firefox: using mDNS name now seems to work, with the same proviso about clicking through to accept the risk and proceed. The WebUI appears with a slash through the lock icon on the address bar. Clicking on the lock icon gives me a popup "Connection is not secure" and clicking on that in turn gets me a curious
Quote:
https:moodex.local
Connection is not secure
Verified by CN=moodex.local
Unlike with Chrome, when I close and open Firefox again, I have to go through the "accept the risk" steps again.
With Firefox, using the IP address instead of the mDNS name now appears to work the same as I describe above for Chrome.
I'm trying religiously to empty caches where appropriate but can't guarantee that every test is done from a clean slate.
---
I want to make a change to the template CA in get-cert.sh to add the player's IP address and see if that has any noticeable effect, but other than that I'm out of ideas.
Well, I suppose for completeness I should set up a separate subnet with a WiFi access point on a spare Pi running DHCP and DNS services to see what I can learn there.
Regards,
Kent
PS - I see differences between my Android screens and those described in the setup docs (yours and the https-setup.txt file in the repo). I'll post separately about that.
PPS - wouldn't it be fun if we're getting differently tweaked versions of Android and the browser apps in the UK and the US. Don't want to be paranoid about it but ....