Loading Error "Could not connect with Form Server" on Trusted custom CA with NonStandard Port

Shashwat_Singh · July 10, 2021, 2:42pm

I have implemented custom SSL with trusted CA certificate. Host machine is windows server. There is IIS running on port 443 and 80 so I am using custom 8443 and port 8090.

here is my .env conf file.
`
DOMAIN=odkcentral.abcd.com
#main domain is hidden due to security reasons.

Used for Let's Encrypt expiration emails and Enketo technical support emails

SYSADMIN_EMAIL=administrator@email.com

Options: letsencrypt, customssl, upstream, selfsign

SSL_TYPE=customssl

Do not change if using SSL_TYPE=letsencrypt

HTTP_PORT=8090
HTTPS_PORT=8443
`

and placed the crt and key file in the /files/local/customssl folder with the specified name. The SSL on browser is showing secured. But i am unable to preview form and also unable to fetch Data.

Here is the LogCat from android, throwing some fatal exceptions

GET https://odkcentral.abd.com:8443/v1/key/9bXW5S!v80u9B1AERg0ntPTowpD6iUy1XfEJl7k263s4BDhGb562!Qiq$gRf4bgi/projects/1/formList 2021-07-10 20:02:23.908 7945-10424/org.odk.collect.android I/okhttp.OkHttpClient: User-Agent: org.odk.collect.android/v2021.2-beta.3-dirty Dalvik/2.1.0 (Linux; U; Android 11; POCO X2 Build/RKQ1.200826.002) 2021-07-10 20:02:23.908 7945-10424/org.odk.collect.android I/okhttp.OkHttpClient: X-OpenRosa-Version: 1.0 2021-07-10 20:02:23.908 7945-10424/org.odk.collect.android I/okhttp.OkHttpClient: Date: Sat, 10 Jul 2021 02:32:23 GMT 2021-07-10 20:02:23.908 7945-10424/org.odk.collect.android I/okhttp.OkHttpClient: --> END GET 2021-07-10 20:02:23.934 7945-10424/org.odk.collect.android D/StrictMode: StrictMode policy violation: android.os.strictmode.UntaggedSocketViolation: Untagged socket detected; use TrafficStats.setThreadSocketTag() to track all network usage at android.os.StrictMode.onUntaggedSocket(StrictMode.java:2182) at com.android.server.NetworkManagementSocketTagger.tag(NetworkManagementSocketTagger.java:82) at libcore.io.BlockGuardOs.tagSocket(BlockGuardOs.java:54) at libcore.io.BlockGuardOs.socket(BlockGuardOs.java:374) at libcore.io.ForwardingOs.socket(ForwardingOs.java:216) at libcore.io.IoBridge.socket(IoBridge.java:654)

Note: I have attached HttpInterceptor on OkHttpBuilder to intercept the network URL.

Also I have added crt file to @xml folder and replaced the trusted CA of letesncrypt with the custom certificate from GoDaddy. I have also tested it with letsencrypt certificate also but that didn't work.

There is no error message thrown inside decker intercept to debug it on my own end.

Shashwat_Singh · July 31, 2021, 8:37am

My Server doesn't support full internet access, so i had to use a proxy server to allow for internet access. I cannot use letsencrypt certificates as then it will verify public ip to be same as my server's ip. The problem with enketto unable to connect to server still persists.

yanokwa · July 31, 2021, 3:15pm

If you are installing natively on Windows, read https://docs.getodk.org/central-install/#installing-on-windows so you understand the implications.

It's unlikely that Central will work in this environment without a lot of changes to your network configuration. Unfortunately, that's not the kind of support we can provide on the forum.

If you wish to proceed with this configuration, your best bet is to offer to pay someone to help. Post at https://forum.getodk.org/c/marketplace/8.