Xibo Player HTTPS Communication with custom SSL certs

I followed this guide to setup the CMS with our own cert. We can get to the management site with no issue. However, when we try to connect a player we get certificate verify failed. We imported the root ca on the ubuntu machine but the error persists. Looking for assistance with solving this please. I will provide additional information upon request as I am not sure what all is needed to troubleshoot. We are using Xibo Docker 2.3.0

snapd itself provides its own certificate store, so you’d need to get your custom CA injected in to that for the Player to recognise it.

If there’s an option of getting a “real” certificate issued, with LetsEncrypt for example, that will be considerably simpler.

If that isn’t an option, then there’s no support in snapd at the moment for doing that, however there appears to be a workaround whereby you can bind mount your system certificates in to snapd. See https://forum.snapcraft.io/t/extending-system-certificates/114/21

Thanks for the reply. I am having trouble getting that work around to work. I am not an expert on linux by any means but I am good at following instructions. When I run the bind command the xibo player still shows certificate verify failed. I see the root ca in the snap ssl directory now but the error persists.

What do you mean by getting a real one? I have a certificate that was issued by our own CA.

A certificate issued by a CA that the system already trusts - ie a commercial paid for certificate, or one issued by LetsEncrypt for example.

If the work around doesn’t work then I’m afraid it’s not something I’m able to assist with. You could try commenting on the thread I linked and see if anyone from snapcraft can give you some guidance on how to integrate an additional certificate.

The work around works in that I can see the certificates from /etc/ssl showing in the snap\core\etc\ssl\certs directory. But for some reason the xibo player isnt using them. Posts to the snapd forum hasnt produced any replies. Is there any logging I can review on the client side that might shed some light?

The Player doesn’t parse any certificates itself. It just uses what the system provides.

I wonder if you’ve not rebuilt your certificate store when you added the new certificate?

I did rebuild the certificate store and I just verified that the new root ca is present in ca-certificates.crt.

Is there anywhere I can see why the xibo player is not able to verfiy the certificate. I have ssl cert store extended for snap and openssl gives me the ok when i test the cert but the xibo player keeps throwing the certificate verify failed

1 Like

I’ve asked one of the developers working on the Player software to take a look when they have availability, but their priority right now is ironing out the video playback issues we have that affect everybody so it may not be something they can do in the near future.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.