OneDrive addon fails to connect with an error "certificate not verified"

Support for Android version of Total Commander

Moderators: white, Hacker, petermad, Stefan2

Post Reply
cliveo
Junior Member
Junior Member
Posts: 4
Joined: 2020-12-31, 04:53 UTC

OneDrive addon fails to connect with an error "certificate not verified"

Post by *cliveo »

On an Android device running version 4.4.4 I get this error "certificate not verified" when trying to access my OneDrive account. I have been successful with the addon on a device running version 10.0. So, is this error due to a compatibility issue (the version being so old) or a deeper problem. Thanks for assistance
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: OneDrive addon fails to connect with an error message

Post by *ghisler(Author) »

It means that Android 4.4.4 does not know the root certificate used by the OneDrive servers to sign their site certificate.
According to this stack overflow article, it should be possible to install root certificates on Android 4 to Android 7:
https://stackoverflow.com/questions/4461360/how-to-install-trusted-ca-certificate-on-android-device

You should visit the OneDrive site with a Web browser on Windows or MacOS, and then look at the provided certificate chain. Then you need to export the root certificate (not the site certificate), and install it on Android.
Author of Total Commander
https://www.ghisler.com
cliveo
Junior Member
Junior Member
Posts: 4
Joined: 2020-12-31, 04:53 UTC

Re: OneDrive addon fails to connect with an error message

Post by *cliveo »

ghisler(Author) wrote: 2020-12-31, 14:28 UTC It means that Android 4.4.4 does not know the root certificate used by the OneDrive servers to sign their site certificate.
According to this stack overflow article, it should be possible to install root certificates on Android 4 to Android 7:
https://stackoverflow.com/questions/4461360/how-to-install-trusted-ca-certificate-on-android-device

You should visit the OneDrive site with a Web browser on Windows or MacOS, and then look at the provided certificate chain. Then you need to export the root certificate (not the site certificate), and install it on Android.
Sincere thanks for taking the time to clarify what's causing the error. My coding knowledge is non existent which makes the information contained in the StackOverflow discussion unintelligible. Apologies if my response sounds ungrateful. That is certainly not my intent. I am grateful that you took the time to respond.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: OneDrive addon fails to connect with an error message

Post by *ghisler(Author) »

Try importing these two certificates:
https://www.ghisler.ch/onedrivecerts.zip

1. Unzip the crt files on your phone.
2. Try opening them with Total Commander
3. If this fails, try adding them via Android settings as described here:
https://www.lastbreach.com/blog/importing-private-ca-certificates-in-android
Author of Total Commander
https://www.ghisler.com
cliveo
Junior Member
Junior Member
Posts: 4
Joined: 2020-12-31, 04:53 UTC

Re: OneDrive addon fails to connect with an error message

Post by *cliveo »

ghisler(Author) wrote: 2021-01-04, 15:02 UTC Try importing these two certificates:
https://www.ghisler.ch/onedrivecerts.zip

1. Unzip the crt files on your phone.
2. Try opening them with Total Commander
3. If this fails, try adding them via Android settings as described here:
https://www.lastbreach.com/blog/importing-private-ca-certificates-in-android
I tried both methods. I had installation succeeded messages for both methods, but I still get the error message. I'm very grateful for the time and patience that you have given me. It's a shame that your efforts haven't borne fruit.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: OneDrive addon fails to connect with an error "certificate not verified"

Post by *ghisler(Author) »

It's possible that Android 4.4.4 cannot handle SHA256 hash in certificates, only the weaker SHA1. Then it would be impossible.
Author of Total Commander
https://www.ghisler.com
cliveo
Junior Member
Junior Member
Posts: 4
Joined: 2020-12-31, 04:53 UTC

Re: OneDrive addon fails to connect with an error "certificate not verified"

Post by *cliveo »

ghisler(Author) wrote: 2021-01-07, 16:14 UTC It's possible that Android 4.4.4 cannot handle SHA256 hash in certificates, only the weaker SHA1. Then it would be impossible.
OK and thank you again for your support
User avatar
DrShark
Power Member
Power Member
Posts: 1872
Joined: 2006-11-03, 22:26 UTC
Location: Kyiv, 68/262
Contact:

Re: OneDrive addon fails to connect with an error message

Post by *DrShark »

cliveo wrote: 2021-01-05, 23:13 UTCI tried both methods. I had installation succeeded messages for both methods, but I still get the error message.
I also tried both methods on VirtualBox with Android 4.4.2 X86, there the certificates could be installed only with second method (first method showed Certificate read error). But yes, even after installing the certificate with second method, after I enter the password for OneDrive account in oAuth window and trying to login, TC shows "Certificate not verified" toast.
Stock web browser also shows outlook.com login page fine and allows to enter email and password, but then shows certificate error with problem certificate named *.events.data.microsoft.com and problem url like

Code: Select all

https://browser.pipe.aria.microsoft.com/Collectpr/3.0/?[rest of url]
, and login doesn't happen.
ghisler(Author) wrote: 2021-01-07, 16:14 UTC It's possible that Android 4.4.4 cannot handle SHA256 hash in certificates, only the weaker SHA1. Then it would be impossible.
That's sad, it was convenient to use OneDrive plugin to transfer files from that virtual machine to PC. For now I'm using Opera Mini 4 for Android and one Ukrainian email provider which has simple mobile UI with pure http access, but still with possibility to attach files to email, to transfer files from that virtual machine (stock browser can't upload files, and it's impossible to install better browsers, including newer Opera Mini versions, to that VM).
Donate for Ukraine to help stop Russian invasion!
Ukraine's National Bank special bank account:
UA843000010000000047330992708
User avatar
DrShark
Power Member
Power Member
Posts: 1872
Joined: 2006-11-03, 22:26 UTC
Location: Kyiv, 68/262
Contact:

Re: OneDrive addon fails to connect with an error message

Post by *DrShark »

DrShark wrote: 2021-01-08, 16:30 UTCVirtualBox with Android 4.4.2 X86 ...Stock web browser also shows outlook.com login page fine and allows to enter email and password, but then shows certificate error with problem certificate named *.events.data.microsoft.com and problem url like

Code: Select all

https://browser.pipe.aria.microsoft.com/Collectpr/3.0/?[rest of url]
, and login doesn't happen.
I managed to enter to Microsoft Account with stock browser of that Android using one of Microsoft pages where it's possible to sign in, now Microsoft pages show my account avatar and username, so login in web browser somehow works (Outlook Mail and OneDrive still don't work with that browser anyway, it seems it doesn't support some modern web features used in that services). I'm not sure if this info is helpful for OneDrive plugin which uses separate oAuth login page...
Donate for Ukraine to help stop Russian invasion!
Ukraine's National Bank special bank account:
UA843000010000000047330992708
User avatar
Usher
Power Member
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: OneDrive addon fails to connect with an error "certificate not verified"

Post by *Usher »

2DrShark
Cloud drives and modern webmails heavily use (and even abuse) javascript code. Firefox is the only browser that can run such a code on Android 4.x, I think. The last supported Firefox version is pretty decent - 68.11.0.
Older JS engines are incomplete and very slow. Some features are unsupported, some other are buggy. In the best case you may wait a few minutes to see a webpage in your browser, in the worst case your browser may crash.
Andrzej P. Wozniak
Polish subforum moderator
Post Reply