This repository has been archived by the owner on Mar 28, 2022. It is now read-only.

[BUG] SSL_ERROR_INTERNAL_ERROR_ALERT #263

Open
1 of 7 tasks
dagid4 opened this issue Jan 6, 2021 · 4 comments

Comments

@dagid4

dagid4 commented Jan 6, 2021

Describe the bug:

Web page for http service proxy is not accessible. Secure Connection Failed. Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

Expected behavior:

Login screen should be loaded as in the Testing Web(Gitlab) access video.

Log file / Code snippet / Screenshots:
Screenshot_323

Scope of issue:

  • TRASA codebase
  • dashboard
  • server
  • mobile app
  • browser extension
  • device agent
  • website/docs

Versions:

  • TRASA version: v1.1.4
  • OS (in which TRASA is installed): Windows 10 Pro
  • Firefox Browser 84.0.1 (64-bit)
  • Mobile device type and version (if issue is related to TRASA mobile app)

Additional context:
added in trasa:
Screenshot_325
DNS record for subdomain added:
Screenshot_321
subdomain can be pinged:
Screenshot_322
wireshark

@flyinghermit
Member

My guess is since we are using Golang autocert package (to fetch the initial certificate for TRASA listen-address from LetsEncrypt) which does not support fetching wildcard certificates, it is serving invalid cert or crashing internally in TLS handshake while serving subdomains. It should have served at least a valid self-signed cert though!

Can you manually provide a wildcard certificate?
If yes, place certificate files in following path in server:

  • certfile at /etc/trasa/certs/trasa-server.crt
  • keyfile at /etc/trasa/certs/trasa-server.key

Note that certificate path and name should match exactly like above. You may also need to mount cert path from the main host to the container if you are using docker e.g:

sudo docker run -d --link db:db \
--link guacd:guacd \
--link redis:redis \
-p 443:443 \
-p 80:80 \
-p 8022:8022 \
-e TRASA.LISTENADDR=app.trasa \
-v /etc/trasa/certs/:/etc/trasa/certs \
-v /tmp/trasa/accessproxy/guac:/tmp/trasa/accessproxy/guac \
seknox/trasa:v1.1.4

@dagid4
Author

dagid4 commented Jan 7, 2021

Strange thing is that if I choose a domain name similar to Trasa server domain name, for example: I have Trasa on remote.example.com and website on office-dev.example.com, same error occurs. Trasa server has a valid certificate, so maybe there is another problem, not only related to wildcard certificates.

The initial reason why I had chosen a subdomain to a Trasa server was this sentence in the guide: "(A domain name for web service which points to TRASA (should be a subdomain of TRASA server A record)"

I have disabled autocert with TRASA.AUTOCERT="false" and now it began to work. For now I will be using third party proxy to have a valid certificate. But it would be nice to get it working. Anyway, thank you for your help, I had no idea that it was caused by the certificate.
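
Added example, not part of the thread or the TRASA code base: a Go check of which hostnames a certificate's SAN list covers, relevant both to the wildcard-certificate suggestion and to the sibling-hostname case above. The certificates are throwaway self-signed ones generated in memory, and `git.office-dev.example.com` is a constructed name added to show that a wildcard covers only one label.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a throwaway cert with one SAN (constructed test data, not a TRASA cert).
func selfSigned(san string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     []string{san}, // clients match the requested hostname against this list
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered returns the hostnames for which a TLS client would reject this certificate.
func uncovered(cert *x509.Certificate, hosts []string) (missing []string) {
	for _, h := range hosts {
		if cert.VerifyHostname(h) != nil { // same name check a TLS client performs
			missing = append(missing, h)
		}
	}
	return missing
}

func main() {
	hosts := []string{"remote.example.com", "office-dev.example.com", "git.office-dev.example.com"}
	for _, san := range []string{"remote.example.com", "*.example.com"} {
		cert, err := selfSigned(san)
		if err != nil {
			panic(err)
		}
		fmt.Printf("SAN %s does not cover: %v\n", san, uncovered(cert, hosts))
	}
}
```

To run the same check against a real certificate file, decode it with `encoding/pem` and pass the result of `x509.ParseCertificate` to `uncovered`.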

@flyinghermit
Member

> The initial reason why I had chosen a subdomain to a Trasa server was this sentence in the guide: "(A domain name for web service which points to TRASA (should be a subdomain of TRASA server A record)".

Yes, this is needed for HTTPS access proxy to work.

> I have disabled autocert with TRASA.AUTOCERT="false" and now it began to work. For now I will be using third party proxy to have a valid certificate. But it would be nice to get it working. Anyway, thank you for your help, I had no idea that it was caused by the certificate.

We definitely should look into this :)

Also, kudos for super clearly reporting the issue 👍
Btw, may I ask what is the screen size of your browser you are working with? The dashboard UI looks misplaced due to its small size and we definitely should rework on responsiveness as well :P

@dagid4
Author

dagid4 commented Jan 9, 2021

I have resized the window only to make the image smaller :-) my screen size is classic 1920x1080
