Certificate error on iOS clients #128

kastork opened this issue Jan 2, 2024 · 4 comments

kastork commented Jan 2, 2024

As of 1/2/2024, it looks like the certificate for the app's API has expired, or is otherwise invalid. Chats fail to send, and other app pages fail to load.

@dilyevsky

We're getting this error too. The cert served by api.keybase.io appears to be self-signed:

openssl s_client -connect api.keybase.io:443 | openssl x509 -noout -text
Warning: Reading certificate from stdin since no -in or -new option is given
depth=1 C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
verify return:1
depth=0 C=US, ST=NY, L=New York, O=Keybase LLC, CN=api.keybase.io
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4118 (0x1016)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
        Validity
            Not Before: Jan  3 16:03:28 2024 GMT
            Not After : Jan  2 16:03:28 2028 GMT
        Subject: C=US, ST=NY, L=New York, O=Keybase LLC, CN=api.keybase.io
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            X509v3 Subject Key Identifier:
                75:1B:01:5B:6B:76:32:EE:8A:6D:6A:9C:C2:DE:C9:77:12:2F:B3:19
            X509v3 Authority Key Identifier:
                keyid:46:AA:40:4C:EC:35:81:55:6B:CE:5A:AA:14:A6:E4:7D:A2:97:BF:0A
                DirName:/C=US/ST=NY/L=New York/O=Keybase LLC/OU=Cert Authority/CN=keybase.io\/emailAddress=ca@keybase.io
                serial:FC:E1:A5:C2:01:68:E7:8D
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:api-0.core.keybaseapi.com, DNS:api-1.core.keybaseapi.com, DNS:*.prod.kb-aws.net, DNS:api.keybase.io
    Signature Algorithm: sha256WithRSAEncryption

@dilyevsky

Actually it might be by design and they are not using public CA infra. So needs a client upgrade %)
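
The checks made by eye on the output above, written out as an added example (not code from this thread or from Keybase): it reads the verify error number, the validity window and the SAN list from `openssl` text output. `triage` and `san_matches` are hypothetical helper names, and `SAMPLE` is an excerpt of the output quoted above with the hex fields left out.

```python
import re
from datetime import datetime, timezone

# Excerpt of the openssl output quoted in this thread (hex fields omitted).
SAMPLE = """\
depth=1 C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
verify error:num=19:self-signed certificate in certificate chain
        Issuer: C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
            Not Before: Jan  3 16:03:28 2024 GMT
            Not After : Jan  2 16:03:28 2028 GMT
        Subject: C=US, ST=NY, L=New York, O=Keybase LLC, CN=api.keybase.io
                DNS:api-0.core.keybaseapi.com, DNS:api-1.core.keybaseapi.com, DNS:*.prod.kb-aws.net, DNS:api.keybase.io
"""

def _date(text, label):
    """Parse a 'Not Before' / 'Not After' line into an aware UTC datetime."""
    raw = re.search(label + r"\s*:\s*(.+?) GMT", text).group(1)
    parsed = datetime.strptime(" ".join(raw.split()), "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)

def san_matches(host, pattern):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return host == pattern

def triage(text, host, when):
    """List the reasons a client would reject the chain described in `text`."""
    codes = [int(n) for n in re.findall(r"verify error:num=(\d+):", text)]
    sans = re.findall(r"DNS:([^,\s]+)", text)
    findings = []
    if 19 in codes:  # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: root not found locally
        findings.append("root CA not in local trust store")
    if 10 in codes or when > _date(text, "Not After"):  # 10 = CERT_HAS_EXPIRED
        findings.append("expired")
    if when < _date(text, "Not Before"):
        findings.append("not yet valid")
    if not any(san_matches(host, s) for s in sans):
        findings.append("hostname not in SAN")
    return findings
```

Evaluated for Jan 4, 2024 and `api.keybase.io`, the only finding is the untrusted root, which fits a private CA that the client has to ship itself. Evaluated for Jan 2, 2024, the date the issue was opened, the same certificate is also not yet valid, because its Not Before is Jan 3, 2024.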

buuggyy commented Jan 4, 2024

Yes, and attempts to send a bug report from the CLI throw this error: ERROR API network error: Post "https://api-0.core.keybaseapi.com/_/api/1.0/logdump/send.json": x509: certificate signed by unknown authority

buuggyy commented Jan 4, 2024

Deleting the app and reinstalling from here did work, but that's not exactly how updates are supposed to work.
https://keybase.io/docs/the_app/install_macos
