I wanted to connect to our confluence using Android app w/ SSL/TLS client certificate. Android internet browser is capable of connecting to the web version of confluence, but Android Confluence App not. Is there any way doing so? Will it be supported in any future release/update of the app?
According to our documentation on Confluence Mobile, SSL certificates are supported. I tried searching to see if there were any reported cases of the Android Confluence app not working with SSL/TLS, but I wasn't able to find any.
Here are the requirements for the SSL:
HTTPS and certificate requirements
In the latest version of the iOS and Android apps, you can connect to the app using either HTTP or HTTPS.
If you're using HTTPS your proxy must allow TLS 1.2 traffic. This is an iOS requirement that we've chosen to implement for both the iOS and Android apps to prevent confusion (for example where one device can log in, and another cannot).
Ideally, your certificate should be from a trusted Certificate Authority. If you have certificate that is self-signed, or from an unknown Certificate Authority (for example, you are your own CA), users may still be able to use the app by manually installing your certificate on their device. See our Knowledge base article for more information on how to do this.
Can you let me know what error message you're getting when you try to connect? If you're meeting all the requirements, have a look at the knowledge base article above for help connecting.
Let me know if you have any questions!
I use own certification authority (not literally self signed). I have
Connection supports and works with TLS 1.0, 1.1, 1.2. It's published using valid Let's Encrypt certificate.
I have launched confluence mobile app, entered URL, hit NEXT button, got
Can't connect to your site
This could be because the URL is wrong, you need to use a VPN, or Confluence is unavailable.
LEARN MORE , TRY AGAIN
That's pretty much it.
Could you check the article Unable to connect to SSL services as well just to be sure that the proper certs are copied over? I know this helps most often when a valid cert isn't working as expected.
Failing this, I'll dig a bit more into it and see what else could cause this, but I haven't seen very many examples of this yet, unfortunately.
meanwhile I tried multiple times, updated Confluence several times, actually running
CA Certificate is installed in Trusted Credentials
Client certificates are installed in User Credentials with access mode set to "VPN and apps"
Reverse proxy (nginx, running TLS 1.2) have not logged any attempt to create SSL handshake with SSL/TLS client certificates, just got 403 for non-successfull attempt, while hitting /server-info.action
Thank you for providing such thorough details of your setup and tests thus far.
While you do have a valid Let's Encrypt certificate, the mobile app requires a trusted certificate authority (e.g. DigiCert, GoDaddy, etc.) and the Let's Encrypt certificate may not be compatible.
I would recommend reviewing the resolution on the below article to help get Java to trust the certificate:
Let me know how that goes!
Is there any plan that Confluence Server will support new Let's Encrypt X4 CA launching on July 8. as a trusted CA?
If your team plans to use the Confluence Server mobile app, you'll need a certificate issued by a trusted Certificate Authority. You can't use the app with a self-signed certificate, or one from an untrusted or private CA.
Am I right?
The reason that we do not support Let's Encrypt is using a different structure entirely in order to obtain your certificate. The service is a free one and thus not on the list of Trusted Root Certificate Authorities. There is nothing here that would be used to prove your identity, as it's free, anyone can obtain such a certificate.
Therefore, since Let's Encrypt is not considered a Trusted CA Authority, the Confluence Server app is not able to support it. Unless, of course, you make the manual changes I mentioned earlier. Keep in mind that this would defeat the purpose of Let's Encrypt, since it's made to renew without you having to interfere with it.
Have a look here for more information on Trusted Authorities: What is a Certificate Authority?
We had a feature request in the past to support their structure, but it is not something we will be pursuing in the near future:
For more information on which Authorities are considered trusted:
Let me know if you have any questions about that.
+ if you could be so kind, just to clarify, what is the difference in security model between
This is nor blame or hate, I really want to understand motivation.
A private certification authority is fine too, but we recommend the certified authority because it doesn't require additional configuration like Let's Encrypt does.
It's not to say that Let's Encrypt won't totally work, it's just that it can require further configuration.
To answer your question about comparing the web browser vs the server mobile app, they're not necessarily equal. One thing that works in a mobile browser might not work the same way in the app, if you have Multi Factor Authentication, for example.
That said, if you have all the certs setup properly and it's still not working, then we may need to raise a bug, keeping in mind that the Confluence Server Mobile app is still currently in beta.
Could you provide examples of the messages you're seeing on the mobile app, such as screenshots of the error or prompts on the mobile device?
Thank you for providing those details. It is starting to look a bit more like a configuration issue.
I've run across the following article:
The causes and resolutions are as follows:
This error appears when the mobile app can't reach the Confluence site at all. This may be because:
- the Confluence site URL entered in the login screen is incorrect
- you've entered the URL with HTTPS, but the site is HTTP (or vice versa)
- HTTPS is enabled, but the Confluence base URL is set to HTTP
- the Confluence site is only accessible when connected to a virtual private network (VPN)
- the Confluence site is currently down or unavailable, for example for scheduled maintenance or upgrade
- your network configuration may be preventing unauthenticated requests to your server
To resolve this issue:
check that the Confluence site URL has been entered correctly, including the context path if you have one, for example,
try entering the URL without http:// or https:// (we'll try both HTTPS and HTTP for you).
check whether you can connect to Confluence using the browser on your device.
make sure you are connected to your organisation's virtual private network (VPN) if your Confluence site is not accessible on the public internet.
if you only get this error on Android, but you see a compatibility error on iOS, follow this article instead: 'Can't connect to your site' error in the Confluence Server mobile app
In addition, I would recommend testing from an iOS device and see if you are getting the same error there, or if you only get a compatibility error.
Thank you and best regards,
as I have written before
Reverse proxy (nginx, running TLS 1.2) have not logged any attempt to create SSL handshake with SSL/TLS client certificates, just got 403 for non-successful attempt, while hitting /server-info.action
And I have not logged any attempt from mobile to negotiate SSL/TLS handshake with reverse proxy terminating SSL/TLS using client certificate.
Thank you, Michal, for confirming.
I am creating a support ticket for you right now so please check your email for that.
It will help if you can reply to that ticket with a copy of your support zip.
Thank you so much. We will have our support team to continue to investigate this for you. Please feel free to reply here once you were able to resolve it with them with the cause of the error.
Did you ever solve this? Im facing a pretty similar situation. Connecting on via ssl terminating nginx reverse proxy doesnt work, connecting via the http-only internal address works...
#EDIT: nvm. found it. custom error pages were blocking <baseurl>/server-info
Thanks everyone for answering last week’s question. The winner of the random drawing from those who commented is: @LarryBrock I’ll contact you separately with your prize details. This wee...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event