[Bug]: Desktop App: Server is not running at this URL. #3304
Comments
|
Confirmed - I'm seeing this also. This may be tricky - we do n't want to turn off TLS validation for security reasons. Having said that, disabling it does work: Anyone got any thoughts on the best approach here? |
|
I'll start of with I know nothing of electron apps. I do agree that TLS validation off is not the default way to ship. I'm not sure how much work it would be, but would it be possible to have a configuration item in the desktop app that whitelists a specific certificate serial number? https://www.electronjs.org/docs/latest/api/session#sessetcertificateverifyprocproc If the certificate is installed in the current user's certificate store can the desktop app use is directly from the store? |
|
We have a bit of an odd setup, we run our loot-core server process (that calls the API and gets the error) in a forked process. I think that means the session's setCertificateVerifyProc won't pick it up. Maybe we can configure node-fetch for Electron to figure out the root store 🤔 |
Desktop app to work with self signed certificates
|
I have a draft pr up - as expected the electron setCertificateVerifyProc wont work. The only way to make it work is for the user to specify the cert that they want to trust. @atrueresistance How did you generate your cert? I used makecert to test but want to make sure it also works on your config. |
|
@MikesGlitch I used the same command as in the documentation except with a subject alternative name to match the hostname.
|
Thanks, I have a build here: https://github.com/actualbudget/actual/actions/runs/10541997136/job/29208287390?pr=3308 Can you confirm if it fixes this issue? If you try it, don't forget to backup your budget first. |
|
|
|
That's what we'd expect for the appx installer - it's for the windows store. Try the "actual-electron-windows-latest" artifact, that should install as per usual. |
|
Is there a link? Sorry I'm not sure where I should be looking. |
Ah, this is the direct link to the download: https://github.com/actualbudget/actual/actions/runs/10541997136/artifacts/1850858005 Here's the PR, if interested: #3308 |
|
@MikesGlitch I was able to download the latest and get it running with the self signed cert. Thank you so much! |
|
Nice. I will soon test this as well. Im using Caddy as proxy, so a short-lived certificate. Can I trust the Intermediate / Root, so the short-lived signed certs work? |
I'm not too familiar with Caddy so couldn't say. You can trust a certificate that is locally on the PC that is .crt or .pem format. |
|
Closed by #3308 |
Verified issue does not already exist?
What happened?
I'm having an issue with the web server connecting to the desktop application.
The server is up and running using HTTPS and a self signed cert.
Having a self signed cert, you would normally be prompted in Chrome stating that the certificate is not valid. It's probably not the best way to go about it, but if you add it to the Trusted Root Certification Authorities for the current user Chrome inherently trusts it solving the warning. At least on the local machine for the current logged on user. I don't intend on opening the server to the outside, just LAN connection is good enough for me.
The desktop application is being ran on the same machine and user that the certificate was added to the Trusted Root Certification Authorities store.
Where are you hosting Actual?
Docker
What browsers are you seeing the problem on?
Desktop App (Electron)
Operating System
Windows 11
The text was updated successfully, but these errors were encountered: