Central/Enketo integration with self-signed cert

Another related? question

We have installed ODK Central 0.9 and self signed a certificate

I can login, and administer ODK central no problem e.g. upload new forms to projects etc.

However when I try to preview a newly published form I get a loading error self-signed certificate

Sorry I'm new to ODK so still finding my way with the system

enketo-certificate-error

Thanks in advance

Sorry this slipped through the cracks, @John_Zurowski. The instructions recommend using Let's Encrypt to obtain a free certificate. Is there a reason you can't do that?

It looks like something in Enketo prevents the use of self-signed certificates. @martijnr do you know whether that's one of Enketo's libraries, an nginx configuration, something else? Is it a deliberate design decision? ODK Collect currently does not recognize self-signed certificates either but this is under review (e.g. Odk Collect with Custom Certificate: Android 5 (works), Android 7,8 (fails)). I'm working on putting together a reasoned policy and it'd be great to have that be consistent between the two clients.

Hi,

Simply add
ENV NODE_TLS_REJECT_UNAUTHORIZED='0'
in enkoto.dockerfile after the line 1 (i.e. AFTER FROM enketo/enketo-express: ... )
the rebuilt enketo image and it works (this is related to node and not to enkoto)
A good way will be to manage that on the enkelo level incase the domain is local / localhost or host.docker.internal (i.e. export ENV NODE_TLS_REJECT_UNAUTHORIZED='0' as environement variable )
--> THIS SHOULD NEVER BE USED IN PRODUCTION

Also enketo gave me an error when I used local as domain so use the doker workarround
DOMAIN=host.docker.internal

I hope it helps

br

3 Likes

Yes, I think it's that. (the request library, which we actually have to replace...)

1 Like