KeexyBox's forum
Problem with Mobile Amazon App and Keexybox self-signed certificate - Printable Version

+- KeexyBox's forum (https://forum.keexybox.org)
+-- Forum: System settings (https://forum.keexybox.org/Forum-System-settings)
+--- Forum: SSL Certificate (https://forum.keexybox.org/Forum-SSL-Certificate)
+--- Thread: Problem with Mobile Amazon App and Keexybox self-signed certificate (/Thread-Problem-with-Mobile-Amazon-App-and-Keexybox-self-signed-certificate)



Problem with Mobile Amazon App and Keexybox self-signed certificate - ricardodiaz - 12-18-2020

Hi!,

I already have the application configured for each of the devices we have at home, and the following happens to me:

From my mobile phone, I have problems to use the Amazon app, every time I try to access any option of the application, it shows an error page and prevents me from using it (this happens when the device is connected and making the dns queries to via KeexyBox).

After reviewing the phone's logcat, I see that the requests made by the application against the Amazon servers try to establish the SSL connection and it fails (handshake failed) and this, I imagine, must be due to the self-signed certificate generated from the KeexyBox application.

Is it possible in some way to configure a trusted certificate such as LetsEncrypt in the application to solve this problem?

(As long as this is the cause ... which is not clear to me either).

I paste an excerpt from my android's logcat:



Code:
12-12 21:11:54.574 13267 13287 W System  : A resource failed to call end.
12-12 21:11:54.575 13267 13287 W System  : A resource failed to call close.
12-12 21:11:54.577 13267 14148 E chromium: [ERROR:ssl_client_socket_impl.cc(960)] handshake failed; returned -1, SSL error code 1, net_error -202
12-12 21:11:54.602 13267 13267 E MShopWebViewClient: onReceivedSslError: primary error: 3 certificate: Issued to: CN=keexybox.keexybox,OU=Home,O=Keexybox,L=Somewhere,ST=Some-State,C=FR;
12-12 21:11:54.602 13267 13267 E MShopWebViewClient: Issued by: CN=keexybox.keexybox,OU=Home,O=Keexybox,L=Somewhere,ST=Some-State,C=FR;
12-12 21:11:54.602 13267 13267 E MShopWebViewClient:  on URL: https://fls-eu.amazon.es/1/batch/1/OP/A0........
12-12 21:11:54.621 13267 13267 D com.amazon.mobile.error.log.AppErrorLogHandler: {appVersion: 20.22.2.100}{errorDescription: primary error: 3 certificate: Issued to: CN=keexybox.keexybox,OU=Home,O=Keexybox,L=Somewhere,ST=Some-State,C=FR;
12-12 21:11:54.621 13267 13267 D com.amazon.mobile.error.log.AppErrorLogHandler: Issued by: CN=keexybox.keexybox,OU=Home,O=Keexybox,L=Somewhere,ST=Some-State,C=FR;
12-12 21:11:54.621 13267 13267 D com.amazon.mobile.error.log.AppErrorLogHandler:  on URL: https://fls-eu.amazon.es/1/batch/1/OP/Aal%.........


Thanks in advance.


RE: Problem with Mobile Amazon App and Keexybox self-signed certificate - benoit - 12-26-2020

Hi,

Do you have the issue using a profile without blacklist ?
If you get a SSL error, it can mean that a domain used by amazon app is in the Blacklist catategory and you should remove it.

In "Tools & Diagnostic -> Domain Check", Check if "fls-eu.amazon.es" or a CNAME target of the domain is in the Blacklist and remove it or move it in another category you will not use for the profile.

Even if the certificate is selfsigned or signed by LetsEncrypt, you will get a certificate error on domain fls-eu.amazon.es.