this post was submitted on 04 Sep 2024
29 points (100.0% liked)

Selfhosted

40296 readers
212 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I host a website that uses mTLS for authentication. I created a client cert and installed it in Firefox on Linux, and when I visit the site for the first time, Firefox asks me to choose my cert and then I'm able to visit the site (and every subsequent visit to the site is successful without having to select the cert each time). This is all good.

But when I install that client cert into GrapheneOS (settings -> encryption & credentials -> install a certificate -> vpn & app user certificate), no browser app seems to recognize that it exists at all. Visiting the website from Vanadium, Fennec, or Mull browsers all return "ERR_BAD_SSL_CLIENT_AUTH_CERT" errors.

Does anyone have experience successfully using an mTLS cert in GrapheneOS?

[SOLVED] Thanks for the solution, @Evkob@lemmy.ca

you are viewing a single comment's thread
view the rest of the comments
[–] mike_wooskey@lemmy.thewooskeys.com 3 points 2 months ago* (last edited 2 months ago)

[SOLVED!] That Stack Exchange post was the solution! I had to ask ChatGPT for assistance (e.g., "how do I view the contents of a .crt and a .p12?", "how do I add a CA to a client cert?"), but it worked. Thanks for your help, @Evkob@lemmy.ca.

I don't think I would have ever thought that my client cert didn't contain the CA, especially because when I clicked on the client cert that was installed in GrapheneOS, it showed me a summary that said it did contain a CA! grrrr

(tagging @one_knight_scripting@lemmy.world as he wanted to know the solution)