iOS / Android Mobile FAQ
Can I use the mobile application without HTTPS configured on my passbolt server ?
A valid HTTPS configuration is mandatory for security concerns to be able to use the passbolt with iOS / Android. Mobile app won’t work with plain HTTP.
You can get a green padlock aside the url in your browser without a valid configuration for mobile app. A common misconfiguration error is to forget the intermediate certificate. You can check our SSL troubleshooting page for more details.
Can I use a self-signed certificate with the mobile application ?
The answer is yes. The mandatory part is to generate a certificate with a valid subjectAltName.
How to generate a proper Self-signed certificate ?
openssl req -x509 \
-newkey rsa:4096 \
-days 120 \
-subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \
-nodes \
-addext "subjectAltName = DNS:passbolt.domain.tld" \
-keyout key.pem \
-out cert.pem
This command will output two files: key.pem and cert.pem.
Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName.
Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in subjectAltName.
How to import my self-signed certificate ?
Once your self-signed certificate configured, import it in your mobile.
Can I use 2FA ?
Our mobile application support TOTP and Yubikey.
Duo OTP is not supported yet.
How to get logs ?
Logs are available:
- inside top-right (?) button on Login screen and while scanning QRCodes
- once logged in inside the settings menu.
You can share them by clicking on the share icon on top-right of your screen.
On Android, logs collection must be manually enabled:
fig. Enable Android logs
I can’t login using Apache
Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your Apache config:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
I can’t login with this error: “gopenpgp: the key contains too many entities”
It means the OpenPGP key of your passbolt server contains more than one entity. It should not occur but we seen this issue on some old docker setup.
To fix this issue, you can rotate your passbolt server keys following this other FAQ page.
How can I check if JWT certificate matches with the JWT key
First check if the JWT key format is correct:
$ openssl rsa -in /etc/passbolt/jwt/jwt.key -check -noout
RSA key ok
You can now check if the certificate matches with the key with the command below:
$ if openssl rsa -in /etc/passbolt/jwt/jwt.key -outform PEM -pubout 2>/dev/null | diff /etc/passbolt/jwt/jwt.pem - > /dev/null; then echo "OK: JWT key matches with JWT pem"; else echo "NOT OK: JWT key and pem doesn't match"; fi
Not finding what you are looking for? You can also ask the community on the forum.
Talk to a humanOther frequently asked questions in the same category
- How to install passbolt server
- How to make passbolt backups
- How can I update my passbolt server?
- What are the minimum server requirements?
- Does passbolt provide hosting?
- Where can I get help for installation issues?
- Why do I see an unsafe mode banner in the footer?
- Why are my emails not being sent?
- Why should I install haveged on virtual environments?
- How to update my subscription key
- Why am I getting ldap synchronization issues?
- How to increase auto logout time?
- Firewall rules
- How to generate JWT key pair manually
- Troubleshoot Docker
- How to migrate from HTTP to HTTPS
- How to use docker rootless images
- How to import SSL certificate on mobile application
- Troubleshoot SSL
- How to rotate server GPG keys
- iOS / Android Mobile FAQ
- How to install passbolt in non-interactive mode?
- Troubleshoot Helm
- How to set up NTP
- Docker Secrets