SSL Certs

[cburman01]

Any plans to support loading in a custom CA's? I am getting ERR_CERT_AUTHORITY_INVALID when currently loading an ssl page inside the domain at my workplace. In a full linux distro I usually solve this by loading the ca into the OS. I didn't see any way to do that with the current config options.

Thanks!

Collin

[fhunleth]

Hi Collin - sorry, I don't plan on putting much of my "open-source" time into this project other than to review PRs and make releases when necessary. LeTote or others may be interested in this feature so we should leave it open. As a final option, feel free to DM/email me for contract support.

[cburman01]

@fhunleth No problem. I appreciate all you have done. Thanks

[psteininger]

@cburman01 I had that happen too, but with a Sectigo issued cert. I wound up using the chained version of the cert and including the cacertfile as well on the web server. But I had to ssh int to the running kiosk and do the following:

[{mod, pid, type, opts}] = Supervisor.which_children(YourApp.Supervisor)
WebengineKiosk.go_to_url(pid, some_other_url ) 
WebengineKiosk.go_to_url(pid, your_homepage_url )

I think for some reason the initial issue with CA cert was cached and showing an error when there was none.

The other option is to modify the system image and copy the files in as an overlay.

[harmon25]

You may be able to supply a chromium flag to allow insecure connections, or better provide a CA...

https://peter.sh/experiments/chromium-command-line-switches/

Like has been done here before launching the kiosk:

System.put_env("QTWEBENGINE_CHROMIUM_FLAGS", "--disable-gpu")