Community-edition: Missing "Trust invalid authority certificates" option.

Created on 2 Sep 2016 · 16Comments · Source: ramboxapp/community-edition

TC:

Setup HTTP server with invalid certificate (let's say it is self-signed certificate for local network service).
Place an image resource into the server.
Setup Outlook 365 account in Rambox.
Send and email to this account, in HTML format, add image tag referencing resource from step 2 with https protocol.
Open this email in Outlook 365 via Rambox.
Error message appears:

The service with the following URL has an invalid authority certification.
<URL>
You have to remove the service and add it again, enabling the "Trust invalid authority certificates" in the Options.

But there is no such option in Add Outlook 365 dialog.

Rambox 0.4.1
Electron 1.3.1
linux x64 4.7.2-040702-generic

enhancement

Source

orange-buffalo

Most helpful comment

I believe this approach is good as a short-term solution.
But it will limit functionality of Rambox. In my opinion the best way to resolve this would be to provide configuration option either to ignore certificate errors or to add certificate to exceptions like Chrome does, resulting in ability to display images served by servers with self-signed certificates.

orange-buffalo on 3 Sep 2016

👍6

All 16 comments

Right, that option is only on the Custom Services.

What if you open that email in Outlook 365 in Chrome? Is showing a message/error/warning?

saenzramiro on 2 Sep 2016

In Chrome everything is okay, image is displayed, no error messages, nothing related in js console.
Maybe I should also mention that I visited the server that provides the image before, in Chrome, and ignored the problem with this certificate.

orange-buffalo on 2 Sep 2016

Are you sure you don't allow that certificate before?

saenzramiro on 2 Sep 2016

You are right, I added this certificate to exceptions in Chrome previously.

orange-buffalo on 2 Sep 2016

Can you remove the exception and tell me what Chromes do when wants to load the image?

saenzramiro on 2 Sep 2016

When certificate is removed from exceptions in Chrome, image is not loaded and there is an error message in JS console:

Failed to load resource: net::ERR_INSECURE_RESPONSE

orange-buffalo on 3 Sep 2016

So what we can do is to prevent showing the error message and just not displaying the image, like Chrome. Do you agree?

saenzramiro on 3 Sep 2016

orange-buffalo on 3 Sep 2016

👍6

I run into the same issue but not for images.

I'm using a Cisco soft-phone application, which communicates to an in-browser-app.
The latter is an internal thing with a self-signed certificate. I can access it in Chrome by adding the exception for the cert, but would like to add it as custom service in Rambox too.

88scythe on 16 Jun 2017

@88scythe Did you check the option for "Trust invalid certificate" when you add the Custom Service?

saenzramiro on 30 Jul 2017

Hi
I did. Only thing I get once I open the configured custom service is a blank page. No errors, no warnings, no nothing. :s

88scythe on 31 Jul 2017

What about opening in Chrome?

saenzramiro on 27 Sep 2017

@saenzramiro
I'm getting issues with other services with self signed certs not working.

I'm pretty sure the Trust Invalid Certificate option is no longer working

rodneyrod on 13 Nov 2017

I have come across this issue for the first time since using Rambox. In my case todoist does not fully
load, stating "Certification Warning" in the status bar. Perhaps because of certificate issues with cloudfront.net? When I checked using the developer tools, it states in the "Security" tab that the certificate is valid. However, when I add the resolved URL (*.cloudfront.net) as a seperate service, it states in the "Security" tab the certificate is invalid.

I suspect this may have been caused by updating to 0.5.15. Using Chrome, todoist loads without any error.