https pages not accessible with Firefox on Android 11
Smartphone Google Pixel 4A, Android 11, https pages are partly not reachable with Firefox Ver. 83.1.0 and Fennec Browser Ver. 82.1.1, error message: "Secure connection failed", no display symbol Controlbar.
https pages Example: whisky.de, dasoertliche.de, mindfactory.de, mobilsicher.de, startpage.com etc. ........
Chrome Browser, InBrowser and SmartCookie Browser no error message, Symbol Controlbar is displayed
Certificate included after instruction, MAC address of the device is used !! TOR and VPN deactivated.
eBlocker Dashboard shows with certificate present: "!" on red background.
Raspberry Pi 4 B 4GB RAM, eOS 2.5.6, FilterList Nov. 21, 2020, Network Mode (Auto), Mask 255.255.255.0, Router Fritzbox 7560 Gateway 192.168.178.1, eBlocker DNS-Firewall external 126.96.36.199,
On my old smartphone Sony Xperia Android 9 I did not have these problems.
how long is your certifikate valid?
3 our 2 years?
Hello thanks for answer
The.certifikate is valid for 3 years, started at 13.09.2020
generate a new certificate that is only 2 years valid.
I hope this may help ...
Please tell me
@thomasbeier-team-de I thought with 2.5.x root cert is 2yrs by default. Did you change it by chance? Or it might be a bug? 🤔
Thanks for your answers. Will create a new certificate and then report.
But I have put the Raspberry Pi 4 with the final version of eOS into operation on 13.09.2020 and on that day I also created the certificate with the duration of 3 years.
Let's see if the new certificate will be created for only 2 years.
Maybe today, but I will have to reinstall the certificates on 2 laptops, 2 smartphones and 1 PC........ 😉
Now I have renewed the certificate in the eBlocker under Settings, HTTPS, Duration under Settings set to 2 years.
In the Smartphone (Android 11) I have installed the new certificate under Settings > Security > Advanced > Encryption and Logon Data > Install a Certificate > CA Certificate.
This certificate appears then under Settings > Security > Advanced > Encryption and Logon Data > Trusted Logon Data > Users, also.
I also installed the new certificate under Settings > Security > Advanced > Encryption and Credentials > Install a Certificate > WLAN Certificate.
This then appears under Settings > Security > Advanced > Encryption and Credentials > User Credentials.
Then the same way under Settings > Security > Advanced > Encryption and Credentials > Install a Certificate > VPN & App User Certificate, then the error message appears: File cannot be used, This file cannot be used as VPN & App user certificate.
Unfortunately all without success !!!
The described error still occurs. Now I do not know any more.
Hello love community
One more try ...
I downloaded the current image of the eBlocker OS and installed it on a new SD card. But even after starting the OS and embedding the certificate on my smartphone I still get the same error. (See above)
I noticed that the default setting for the duration of the certificate is 3 years.
Doesn't anybody have an idea what can be done or where the mistake lies?
In the Smartphone (Android 11) I have installed the new certificate under Settings > Security > Advanced > Encryption and Logon Data > Install a Certificate > CA Certificate
The duration of eBlocker‘s root certificate is OK with three years. In 2.4 the validity of the „on the fly“ signed website certificate was wrong. So this is all good. @random might got mixed up here 😉
Now, I‘m not on Android. But granting the eBlocker certificate root (full CA status) is essential. With iOS Apple has some extra hurdle implemented a user has to take. With Android there might be something similar. Each single step of the described certificate installation process must be followed.
Even you have done it: Please try anew and follow the wizard’s instructions carefully. There might be a last step (to grant CA root status) you have overseen.
BTW: It‘s enough to follow the instructions and it‘s not helpful to add eBlocker‘s root certificate in other places (as you discussed i.e. VPN & user certificate). The described error is expected as it‘s not a user certificate (but a CA root cert).
Hope this helps.
Thanks Benne for your personal answer, but now this:
On your advice, I have carried out all the steps once again in detail.
I have renewed the certificate in eBlocker under Settings, HTTPS, Certificate, renewed, leave the term standard 3 years.
In the new smartphone (Google Pixel 4a) I have deleted all old eBlocker certificates and installed the new certificate only under Settings > Security > Advanced > Encryption and Logon Data > Install a Certificate > CA Certificate.
After that it appears under Settings > Security > Advanced > Encryption and Logon Data > Trusted Logon Data > Users, but not under Settings > Security > Advanced > Encryption and Logon Data > Trusted Logon Data > System. So I guess it is not installed as a root certificate. Android apparently prevents this !!! ???
By the way, after deleting all certificates in my old Sony Smartphone and reinstalling it, the same error occurs there.
Remember: Error message: "Secure connection failed", and no display of the icon Controlbar.
Concerns only Firefox, current version, for Android with "Improved protection against activity tracking" turned off
https pages examples: whisky.de, dasoertliche.de, mindfactory.de, mobilsicher.de, wikipedia.org etc. ........
@thomasbeier-team-de I‘m in a Google free zone - so not Android, sorry.
But searching for your issue I found this which might help: https://stackoverflow.com/questions/61386312/cant-install-ca-certificate-on-android-11#62465897
You might want to consider stepping back from Google if you value you privacy... 🤔
Remember: If you buy cheap you probably pay a lot... 😉
I guess there's nothing you can do about it 😉
I have now deactivated the HTTPS support via WLAN for the smartphone and only enabled the VPN service.
Unfortunately the error has now also occurred with my old Sony Smartphone with Android 9.
Both under eOS 2.5.6 on Raspberry Pie 4 and on my company eBlocker under eOS 2.4.5 on Raspberry Pie 3.
On the Sony Smartphone you can still use the certificate as "VPN and Apps", and "WLAN".
See instructions https://eblocker.github.io/help/de/360002342774.html
Maybe there will be a solution for Android users some day.
Thanks for the answers, see you soon.
@thomasbeier-team-de I can‘t judge or help about Android but v9 should rather work 🤔
Well, but there is good news: even if https is not enabled you still get 90-95% protection from trackers/ads by the DNS based blocker which automatically kicks in... 😉