0

Issues connecting player with local webserver via https

Hello guys,

i’m writing this post because I am recently stuck in an issue connecting the BrightSign Player to a local webserver.

A quick summary, so that you know what the situation looks like.

I’m running a Nextcloud installation with Collabora/Code inside Docker on a local webserver. Since Collabora prefers https over http, the communication with the server is SSL encrypted with a selfsigned certificate. The idea behind that is to make office files accessable with the BrightSign Player.

Well, I know BrightSign Players aren’t made for a scenario like that. Anyways, I can access the webserver and the Nextcloud Installation perfectly fine from my browser on my computer, but accessing the webserver from the BS-Player only displays the default background.

I already added the CA-Certificate with the plugin from github, means defining the plugin in the autostart, manually added the .crt file to the presentation and create a Variable.

Now, the player obviously checks for the certificate and finds it,

 

[   25.328] + Open userVariables.db

[   25.471] + Cert Variable found: server.crt

[   25.471] + Found Cert: pool/7/3/sha1-6f616c4a08a063ec199e7c9784bcf2ed167d2273

[   25.488] SYSC_close: 2007 callbacks suppressed

[   25.488] brightsign(1395):close(58) returning EBADF

[   25.635] SignalDispatcher received signal 17

[   25.635] + successfully added certificate

[   25.635] + Cert Variable found: server.crt

[   25.635] + Found Cert: pool/7/3/sha1-6f616c4a08a063ec199e7c9784bcf2ed167d2273

[   25.801] SignalDispatcher received signal 17

[   25.801] + successfully added certificate

 

but when trying to connect to the local webserver, the Player writes a certificate Error

 

[   28.784] Certificate error(-202) when connecting to "https://<example.cloud>". Cannot connect to host.

 

I tried a lot for the past 48h or so, and I really have no clue what the problem is. I cannot find anything on the web for this specific topic.

I hope you guys can help me, or maybe you got a hint or Tipps for me

Thanks in advance and best regards,

Sebastian

12 comments

  • 0
    Avatar
    Bright Scripters

    Is your cert self signed, or obtained from a reputable source?

    Was the cert issued for domain example.cloud?

     

  • 0
    Avatar
    Brandon

    Use the Download Speed Test in the Diagnostic Web Server to get additional error information.  Likely you need to combine the root CA into the installed certificate.  The entire chain of trust must be verifiable by the installed certificate(s).


    Friendly reminder, the forum is intended for user-to-user discussion. For troubleshooting problems and to ensure a timely answer from a BrightSign representative, please submit a support ticket.

     

  • 0
    Avatar
    Sebastian Findeisen

    @ Bright Scripters

    It is selfsigned and created with openssl.

    Yes, exactly for the domain.

    @ Brandon

    This is the Output from the Dowload Speed test:

    Speed test failed on URL 'https://example.cloud/index.html', Reason: 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none'

    I tried to access the player via ssh to manually put the Certificate in place, but from the ssh connection i only get something that looks like a livestream of the log files.

    Edit:

    The certificate is issued for the whole domain dsb.cloud.arno.ai.vpn .

    How can i force the player to trust my CA-certificate. Or is there a way to get root permissions for manupulating the BrightSigns internal SSD?

  • 0
    Avatar
    Sarel G

    I'm having a similar issue. Trying to display an internal intranet site that uses a cert from letsencrypt. Getting the same Certificate error(-202) when connecting to "https://<example.cloud>". Cannot connect to host. error

  • 0
    Avatar
    Patrick

    I'm having an similar issue too. Im using sone brightsign devices in a domain behind a proxy server and i have no posibility to configure it (Company network with external IT-support).

    Is there any way to force the player to accept a client certificate irrespensive of a trusted or an "unsave" certificate?

    Another thing I am astonished about: I've integrated content from another external source to display weather informations. These are working fine, I only have this problem with live Data feeds like RSS or twitter.

  • 0
    Avatar
    Mike Parkhouse

    Have any of you managed to solve this?I too am having the same issue!

  • 0
    Avatar
    Patrick

    Not really... At the moment i'm using the keystore plugin with a certificate. A possible way might be to use a mergerservice which has no encryption.

  • 0
    Avatar
    Mike Parkhouse

    I'm only using Brightsign hardware and the appspace app. I don't think there is a way for me to use the keystore plugin as I'm not using brightauthor for anything.

  • 0
    Avatar
    Sebastian Findeisen

    No, I didn't solve it either. I am just using the services over http, since it's only working in the local network it's not that critical.

    @Mike Parkhouse: Without Brightauthor you won't be able to make advanced changes to the hardware.

  • 0
    Avatar
    Zzzonkkk-brightsign

    I had the same issue, but with a "Certificate error(-201) when connecting to "xxxx""
    I was using the keystore plugin, with a certificate containing the whole chain.
    The issue I was facing is that the unit time was not set (no NTP available on my local private network) !
    Setting the right time on the unit did solve the problem.

  • 0
    Avatar
    Matthews, Carlos C

    Has a workaround been established yet?

  • 0
    Avatar
    Brandon

    For BrightAuthor - install the certificate chain.
    https://brightsign.zendesk.com/hc/en-us/articles/114094183894-How-do-I-display-a-webpage-that-requires-a-client-certificate

    For Appspace or other CMSes- you need to talk to Appspace or the CMS vendor on how to get the certificate chain installed, we don't control their script.

Please sign in to leave a comment.