question

SSB-7585 avatar image
1 Vote"
SSB-7585 asked Stefanov-5813 published

Xamarin Android SSL Error connecting to SignalR

Hi I am all of a sudden getting an SSL error when connecting to SignalR from my Xamarin Android app. it is only on Android, not on iPhone.

I am running dot net core WebApi and can connect to that from the Android app (https://) , but SignalR is throwing an error when running the StartAsync() method on the hub connection


Any ideas how to resolve or how to investigate this further please?


Message "The SSL connection could not be established, see inner exception."


InnerException {System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /Users/builder/jenkins/workspace/archive-mono/…}


StackTrace " at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore (System.IO.Stream stream, System.Net.Security.SslClientAuthenticationOptions sslOptions, System.Threading.CancellationToken cancellationToken) [0x000f6] in /Users/builder/jenkins/workspace/arch…"






dotnet-xamarinformsdotnet-aspnet-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You'll need to do two things:

1] Update your code to use AndroidClientHandler like this solution: https://github.com/xamarin/xamarin-android/issues/4688#issuecomment-658833938
2] Update the trust chain for the SSL certificates on the server you're attempting to talk to.

0 Votes 0 ·
Bruce-SqlWork avatar image
0 Votes"
Bruce-SqlWork answered

android is complaining that the SSL certificate is not trusted. that is its not signed by trusted source. if this is a self signed certificate, you must install it on the phone. google for instructions for your version of Android.

if you paid for the cert, the seller is not trusted.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

33764322 avatar image
0 Votes"
33764322 answered

Probably releated to DST Root CA X3 expiration of LetsEncrypt certificates Sept 20, 2021

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

the following issue has been posted on xamarin-android on github.

https://github.com/xamarin/xamarin-android/issues/6351

We have no solution yet, The suggested workaround of renewing LetsEncrypt Acme did not work for us

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

UzairAli avatar image
0 Votes"
UzairAli answered LeonLu-MSFT commented
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi I have got a fullchain.pem and chain.pem - which is the one that needs to be updated with your workaround?

also what is the impact of removing that last entry? the site will still be accessible?

0 Votes 0 ·

You can copy the characters from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- to make a test.

0 Votes 0 ·
Stefanov-5813 avatar image
0 Votes"
Stefanov-5813 answered Stefanov-5813 published

I posted my workaround for kubernetes with Cert-Manager environment: https://github.com/xamarin/xamarin-android/issues/6351#issuecomment-936909856
Basically I added the preferredChain: "ISRG Root X1" line to the ClusterIssuer yaml recipe.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.