Use Https on Old Android Phones
FleetingIf I want to run some PWA on an old phone, chromium likely won’t like https because the certificates won’t be up to date.
Fortunately, most of my dependencies are copied in my ipfs stack. I do this to easy reproducibility.
That means that I only need to provide the certificate for letsencrypt and it should work.
clk cert show openssl konubinix.eu
CONNECTED(00000003)
---
Certificate chain
0 s:CN=konubinix.eu
i:C=US, O=Let's Encrypt, CN=R11
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 23 10:34:24 2024 GMT; NotAfter: Dec 22 10:34:23 2024 GMT
-----BEGIN CERTIFICATE-----
MIIF6DCCBNCgAwIBAgISBHfxctitowUjmB9AM25uyj9iMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjQwOTIzMTAzNDI0WhcNMjQxMjIyMTAzNDIzWjAXMRUwEwYDVQQD
Ewxrb251YmluaXguZXUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDp
h0zWxEyFbx+sQAfa9pUSV5axWMt2m8m4D7XPuq6aW5DxVXzU9WOKtVNLa1hF7cjj
E5QQJJivxqrn8edHLwp88bkNCejWogoidx4vIPX50ObzLRk+vL2OfKuCDIzWJi1I
9PBVAp+UWQtOVcwcmI9LubOONBX6V6eUKEKSuWsRpc7Qz2DWQ1vP9noiO5HjjluB
YhEftqtSLkFPbrLJnEkj79bO9xUoh75qWCe+y/bY0/FzwAZhUJLrPCjanjIJ98at
qSg5kxdHgMNkdLzTT+z17kQ0Z/mwfO6xmF363Hb7hGSZaWT0IwPDD48osDEeSv0o
bDqo0wqwDKoYyYJJDtbQHYJ8NpXzYWsJkB9UU3BHc/V/I6qjnzfXEK8jh1SsxNm+
RzbaMl4JkbaFRJl86Wpy3gr6XxP9eeO31YeW0RiKj0Rntp+m7UCIIJHIFyZVg+Ow
flMCMOUbi68aScKMo0VzUgGkEwS7xKRS7ea9O9jcijBv8cP45hykJvpC4mDptqfD
PQomp7mVB7P/fWJYPed2P6czIPEl8PKDX5W4btcGUgwlqN9fHbJdBhu4HfTB1XB6
FoPKcZNsGqsRM42NOMwoVzXScMmbK0WSCIDZLIRy39MhDcgJ4uhfTBoNmntG7nQd
l03zjPrVrC/jnhcXLZ/xAN8M2atBglEOjG/5eyGN+QIDAQABo4ICEDCCAgwwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBS1Ib0JuwSOmAuUCSaDK1KWrjmGvDAfBgNVHSME
GDAWgBTFz0ak6vTDwHpslcQtsF6SLybjuTBXBggrBgEFBQcBAQRLMEkwIgYIKwYB
BQUHMAGGFmh0dHA6Ly9yMTEuby5sZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6
Ly9yMTEuaS5sZW5jci5vcmcvMBcGA1UdEQQQMA6CDGtvbnViaW5peC5ldTATBgNV
HSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AKLjCuRF
772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABkh6n7nsAAAQDAEcwRQIgbnqB
vQn3SR7U/RJdtNM/3aQugfSd31NsdBDYRHNFcK4CIQCGkRKTSchNHUJ5QXlU22gE
zAeXFdyjemzjaHB5H3usiwB2ABmYEHEJ8NZSLjCA0p4/ZLuDbijM+Q9Sju7fzko/
FrTKAAABkh6n7oQAAAQDAEcwRQIgYkbUMNxttjTl81psC9hX5GrCElv5EmdbEtAH
mcY29JcCIQDC2+mUQIjaRxFTmDXYpgVNKz2C0TGHpEspzTi5ZCl49jANBgkqhkiG
9w0BAQsFAAOCAQEAKY95UMmyrAoWci5s0h2XHgCUijDM3rhOGtJ7NIMTZmrm/Ros
vs/B8jZIA5C6edymiK1uj1/YHp5Q+P+3A47aiuNVNgsliAQXROKqyR52OxhTbSVc
ipi5htYn0AZzxtWOTBepSH1lAe2yV94E3BLljSozuZ4wW9PXtvM2oQ6p0UzTMi35
TugMdIyIVHpCnbHYCpuvrm67lx5qiIxr2JHu9Wzxwr4xnyi2qhb5kjrrjnwafJIG
oZJ+KT9iELAORxtL5DUCb86H5GQ7nQCDHwatzRnOFemTm1zYxzC2oa9B1xB/VMVg
yOKED/XQrY1iC0CvkybLeQfia9t6FLGeBrzqWA==
-----END CERTIFICATE-----
1 s:C=US, O=Let's Encrypt, CN=R11
i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFBjCCAu6gAwIBAgIRAIp9PhPWLzDvI4a9KQdrNPgwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDEMMAoGA1UEAxMDUjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAuoe8XBsAOcvKCs3UZxD5ATylTqVhyybKUvsVAbe5KPUoHu0nsyQYOWcJ
DAjs4DqwO3cOvfPlOVRBDE6uQdaZdN5R2+97/1i9qLcT9t4x1fJyyXJqC4N0lZxG
AGQUmfOx2SLZzaiSqhwmej/+71gFewiVgdtxD4774zEJuwm+UE1fj5F2PVqdnoPy
6cRms+EGZkNIGIBloDcYmpuEMpexsr3E+BUAnSeI++JjF5ZsmydnS8TbKF5pwnnw
SVzgJFDhxLyhBax7QG0AtMJBP6dYuC/FXJuluwme8f7rsIU5/agK70XEeOtlKsLP
Xzze41xNG/cLJyuqC0J3U095ah2H2QIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB
hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUxc9GpOr0w8B6bJXELbBeki8m47kwHwYDVR0jBBgwFoAU
ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC
hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG
A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN
AQELBQADggIBAE7iiV0KAxyQOND1H/lxXPjDj7I3iHpvsCUf7b632IYGjukJhM1y
v4Hz/MrPU0jtvfZpQtSlET41yBOykh0FX+ou1Nj4ScOt9ZmWnO8m2OG0JAtIIE38
01S0qcYhyOE2G/93ZCkXufBL713qzXnQv5C/viOykNpKqUgxdKlEC+Hi9i2DcaR1
e9KUwQUZRhy5j/PEdEglKg3l9dtD4tuTm7kZtB8v32oOjzHTYw+7KdzdZiw/sBtn
UfhBPORNuay4pJxmY/WrhSMdzFO2q3Gu3MUBcdo27goYKjL9CTF8j/Zz55yctUoV
aneCWs/ajUX+HypkBTA+c8LGDLnWO2NKq0YD/pnARkAnYGPfUDoHR9gVSp/qRx+Z
WghiDLZsMwhN1zjtSC0uBWiugF3vTNzYIEFfaPG7Ws3jDrAMMYebQ95JQ+HIBD/R
PBuHRTBpqKlyDnkSHDHYPiNX3adPoPAcgdF3H2/W0rmoswMWgTlLn1Wu0mrks7/q
pdWfS6PJ1jty80r2VKsM/Dj3YIDfbjXKdaFU5C+8bhfJGqU3taKauuz0wHVGT3eo
6FlWkWYtbt4pgdamlwVeZEW+LM7qZEJEsMNPrfC03APKmZsJgpWCDWOKZvkZcvjV
uYkQ4omYCTX5ohy+knMjdOmdH9c7SpqEWBDC86fiNex+O0XOMEZSa8DA
-----END CERTIFICATE-----
---
Server certificate
subject=CN=konubinix.eu
issuer=C=US, O=Let's Encrypt, CN=R11
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3607 bytes and written 393 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Server public key is 4096 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_CHACHA20_POLY1305_SHA256
Session-ID: AEB341FFF4FA4312F47E812B38A82F78FF5F893D9CEF3A2A2F6CBF5D736D2669
Session-ID-ctx:
Resumption PSK: 7FCBF713824EE665C5EE68BB7C9597770365CB983256BEE3D2939AA764AF3AF9
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 604800 (seconds)
TLS session ticket:
0000 - 9e 9d 25 72 74 3c e0 9c-c4 be 2b 6b 23 20 42 77 ..%rt<....+k# Bw
0010 - e8 dc bc e9 c4 45 0a c1-f9 1c de 30 cd f2 eb 38 .....E.....0...8
0020 - de 79 2b 8e cd c9 a7 19-83 3e 65 77 2b 6e c8 06 .y+......>ew+n..
0030 - 52 d1 b1 b9 9c 26 09 20-2b 54 b2 dd e5 19 c9 72 R....&. +T.....r
0040 - 38 79 8f 6e 7b 64 b8 e2-bc 80 9b 08 de 21 18 e7 8y.n{d.......!..
0050 - b7 33 00 4e 48 07 84 77-27 8f ed 76 1e 4e f8 39 .3.NH..w'..v.N.9
0060 - 96 ba 78 bb 81 47 79 b5-c4 ..x..Gy..
Start Time: 1730641653
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
I took the last ------BEGIN CERTIFICATE----- block, adb pushed it on the phone
(mycert.crt), then Settings -> Security -> Crypto -> Install a certificate from
the SD Card and point to mycert.crt. Then, I’m good to go.